Hit a warning when building QAT, indicating that sz_out might be uninitialized before use. Looks like if you hit an error path and jump to err: you might find yourself trying to unmap an arbitrarily long dma region. It's safe on Intel since Intel defines the invalid dma address as zero, but other arches don't, and if qat makes its way to one of those, that can cause all sorts of corruption. Fix is pretty easy, just init sz_out to zero, and gate the unmapping on sz_out being non-zero.

Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
CC: "David S. Miller" <davem@xxxxxxxxxxxxx>
CC: Tadeusz Struk <tadeusz.struk@xxxxxxxxx>
CC: qat-linux@xxxxxxxxx (open list:QAT DRIVER)

--- drivers/crypto/qat/qat_common/qat_algs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index 067402c..35ab752 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -667,8 +667,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_addr_t blp; dma_addr_t bloutp = 0; struct scatterlist *sg; - size_t sz_out, sz = sizeof(struct qat_alg_buf_list) + - ((1 + n + assoc_n) * sizeof(struct qat_alg_buf)); + size_t sz_out = 0; + size_t sz = sizeof(struct qat_alg_buf_list) + + ((1 + n + assoc_n) * sizeof(struct qat_alg_buf)); if (unlikely(!n)) return -EINVAL; @@ -793,7 +794,7 @@ err: dma_unmap_single(dev, buflout->bufers[i].addr, buflout->bufers[i].len, DMA_BIDIRECTIONAL); - if (!dma_mapping_error(dev, bloutp)) + if (sz_out && !dma_mapping_error(dev, bloutp)) dma_unmap_single(dev, bloutp, sz_out, DMA_TO_DEVICE); kfree(buflout); } -- 2.1.0
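Review bot: In the declarations hunk (@@ -667), the new `size_t sz_out = 0;` has no comment saying that zero now means "bloutp was never mapped", while `dma_addr_t bloutp = 0;` two lines above stays as it is and, per the commit message, 0 is not an invalid DMA address on every arch. A one-line comment on the sz_out declaration stating that the err: path depends on this initializer would keep a later cleanup from removing it as a redundant assignment.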
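Review bot: In the err: hunk (@@ -793), `if (sz_out && !dma_mapping_error(dev, bloutp))` is a safe guard only if sz_out is assigned right where bloutp gets mapped, with nothing that can jump to err: in between. That assignment is not visible in this diff, so please confirm the ordering. If a failure can occur after sz_out is set but before bloutp is mapped, bloutp is still 0, dma_mapping_error() will not flag it on arches whose error value is non-zero, and dma_unmap_single() runs on address 0 with a real length. Initializing bloutp to a value the check can recognize, or tracking "mapped" in its own flag, would remove the dependence on ordering.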