From patchwork Fri Jun 26 17:56:48 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neil Horman X-Patchwork-Id: 6682631 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: X-Original-To: patchwork-linux-crypto@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 22C05C05AC for ; Fri, 26 Jun 2015 17:57:16 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A27B22069D for ; Fri, 26 Jun 2015 17:57:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8D77C20680 for ; Fri, 26 Jun 2015 17:57:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751913AbbFZR5M (ORCPT ); Fri, 26 Jun 2015 13:57:12 -0400 Received: from charlotte.tuxdriver.com ([70.61.120.58]:42903 "EHLO smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751585AbbFZR5L (ORCPT ); Fri, 26 Jun 2015 13:57:11 -0400 Received: from hmsreliant.think-freely.org ([2001:470:8:a08:7aac:c0ff:fec2:933b] helo=localhost) by smtp.tuxdriver.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.63) (envelope-from ) id 1Z8Xs8-0001CR-2M; Fri, 26 Jun 2015 13:57:06 -0400 From: Neil Horman To: linux-crypto@vger.kernel.org Cc: Neil Horman , Herbert Xu , "David S. Miller" , Tadeusz Struk , qat-linux@intel.com (open list:QAT DRIVER) Subject: [PATCH] QAT: Fix uninitialized variable in qat driver Date: Fri, 26 Jun 2015 13:56:48 -0400 Message-Id: <1435341408-21649-1-git-send-email-nhorman@tuxdriver.com> X-Mailer: git-send-email 2.1.0 X-Spam-Score: -2.9 (--) X-Spam-Status: No, score=-8.3 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hit a warning when building QAT, indicating that sz_out might be uninitalized before use. Looks like if you hit an error path and jump to err: you might find yourself trying to unmap an arbirarily long dma region. Its safe on intel since intel defines the invalid dma address as zero, but other arches don't, and if qat makes its way to one of those, that can cause all sorts of corruption. Fix is pretty easy, just init sz_out to zero, and gate the unmapping on sz_out being non-zero Signed-off-by: Neil Horman CC: Herbert Xu CC: "David S. Miller" CC: Tadeusz Struk CC: qat-linux@intel.com (open list:QAT DRIVER) --- drivers/crypto/qat/qat_common/qat_algs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c index 067402c..35ab752 100644 --- a/drivers/crypto/qat/qat_common/qat_algs.c +++ b/drivers/crypto/qat/qat_common/qat_algs.c @@ -667,8 +667,9 @@ static int qat_alg_sgl_to_bufl(struct qat_crypto_instance *inst, dma_addr_t blp; dma_addr_t bloutp = 0; struct scatterlist *sg; - size_t sz_out, sz = sizeof(struct qat_alg_buf_list) + - ((1 + n + assoc_n) * sizeof(struct qat_alg_buf)); + size_t sz_out = 0; + size_t sz = sizeof(struct qat_alg_buf_list) + + ((1 + n + assoc_n) * sizeof(struct qat_alg_buf)); if (unlikely(!n)) return -EINVAL; @@ -793,7 +794,7 @@ err: dma_unmap_single(dev, buflout->bufers[i].addr, buflout->bufers[i].len, DMA_BIDIRECTIONAL); - if (!dma_mapping_error(dev, bloutp)) + if (sz_out && !dma_mapping_error(dev, bloutp)) dma_unmap_single(dev, bloutp, sz_out, DMA_TO_DEVICE); kfree(buflout); }