From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <luca.boccassi@gmail.com>
Received: from mail-wr0-f196.google.com (mail-wr0-f196.google.com
 [209.85.128.196]) by dpdk.org (Postfix) with ESMTP id 5DD711DBB
 for <stable@dpdk.org>; Mon, 30 Apr 2018 16:44:23 +0200 (CEST)
Received: by mail-wr0-f196.google.com with SMTP id c14-v6so8288079wrd.4
 for <stable@dpdk.org>; Mon, 30 Apr 2018 07:44:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=dKK4ZRMxAVFC46DSai8roqzshXxGgC0tmEXPOc/Dz6I=;
 b=h32lCTeLYC3Z+ABcFD9y9foQrm8PZ8Pea0GAaz09q8Yk/ICmtVePSApwF6ZziLIY0q
 vdMKSI4kHo37Vcg3VKQkgYVMqStaaq/4nxQhSRxqaLmrxAAOzHQ0dNv5vHmUGodREFNW
 WV0h/SpijOrE2z3BkI4tLThEAW2cNFA+OQYpXjR63tcf8VqNUuLC2XGpLx0oGL2wpVfm
 Rc8X7PBDmWYHCSTnQ09PpVARwWOoYwHCgEut46HxUVpJxYLCSJI57FjZb14npIYwgQIt
 Qth9XheTufqwW+JA3viXP5cHSTWt21HcX1aCXCIFkHMEhlCRp5UUHfh5LSIsUqGQQ6AX
 +6VQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=dKK4ZRMxAVFC46DSai8roqzshXxGgC0tmEXPOc/Dz6I=;
 b=YcxBHtpSyNAvYYiAevea6swRvrYO91eF4yAPdnt8d/jh1fY3MB46TiNtgSMlWps3Qx
 VkYxyV6sh+y41rA9EoUMlKF7+l4HucqUBjVNZMZUZ2QDksVeSP7N9Cdp6q5x8D5xW9s7
 da+lbrGhWRfmmNeQxxcuGhTYLip5HNYeMYTDbUfrgktDOmo31SLKzbnBnckFBAvzo1XH
 E24I7pfbTmCLXF1qivv7xmn2xyzaxCgGnPyTAm3XUMFT0VV8nWX92ROdJ+u9XjjwJeWm
 G9d3sN/QxglA1WENR2wm4f8opB8+ZD8nuhsZsdd8s3pSSbYfqQ9pK72aeBXEY6HMww1L
 DphA==
X-Gm-Message-State: ALQs6tD1n6B2oN/Xq1zTHwHMq5ZYEJqanre+EZYcS2zXmg0/eQ94GKI1
 WorITNt8idKw0tq1k8R0wUhVxYX2HvM=
X-Google-Smtp-Source: AB8JxZoxUb4dHY13Z+xUv+UfTClmtiIFQnLCY+EQBSklra236vOzI23Z63WwgjEErIurQAQ3ZVYmFg==
X-Received: by 2002:adf:a3d7:: with SMTP id
 m23-v6mr9521475wrb.209.1525099463695; 
 Mon, 30 Apr 2018 07:44:23 -0700 (PDT)
Received: from localhost ([2a00:23c5:be9a:5200:ce4c:82c0:d567:ecbb])
 by smtp.gmail.com with ESMTPSA id q7-v6sm5894077wrf.49.2018.04.30.07.44.22
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 30 Apr 2018 07:44:22 -0700 (PDT)
From: luca.boccassi@gmail.com
To: Sunil Kumar Kori <sunil.kori@nxp.com>
Cc: Akhil Goyal <akhil.goyal@nxp.com>,
	dpdk stable <stable@dpdk.org>
Date: Mon, 30 Apr 2018 15:41:29 +0100
Message-Id: <20180430144223.18657-74-luca.boccassi@gmail.com>
X-Mailer: git-send-email 2.14.2
In-Reply-To: <20180430144223.18657-1-luca.boccassi@gmail.com>
References: <20180430140606.4615-80-luca.boccassi@gmail.com>
 <20180430144223.18657-1-luca.boccassi@gmail.com>
Subject: [dpdk-stable] patch 'crypto/dpaa2_sec: improve error handling' has
	been queued to stable release 18.02.2
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Apr 2018 14:44:24 -0000

Hi,

FYI, your patch has been queued to stable release 18.02.2

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/02/18. So please
shout if anyone has objections.

Thanks.

Luca Boccassi

---
>>From 15c0c24744a894430bb74965612857b2696a1974 Mon Sep 17 00:00:00 2001
From: Sunil Kumar Kori <sunil.kori@nxp.com>
Date: Thu, 5 Apr 2018 14:05:49 +0530
Subject: [PATCH] crypto/dpaa2_sec: improve error handling

[ upstream commit c3b894155f7698c1e5a0a796527258f38e07179a ]

Fixed as reported by NXP's internal coverity.
Also part of dpdk coverity.

Coverity issue: 268331
Coverity issue: 268333

Fixes: 8d1f3a5d751b ("crypto/dpaa2_sec: support crypto operation")

Signed-off-by: Sunil Kumar Kori <sunil.kori@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index a64074bfe..f3073aa27 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1624,7 +1624,7 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 {
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
 	struct alginfo authdata;
-	unsigned int bufsize, i;
+	int bufsize, i;
 	struct ctxt_priv *priv;
 	struct sec_flow_context *flc;
 
@@ -1720,6 +1720,10 @@ dpaa2_sec_auth_init(struct rte_cryptodev *dev,
 	bufsize = cnstr_shdsc_hmac(priv->flc_desc[DESC_INITFINAL].desc,
 				   1, 0, &authdata, !session->dir,
 				   session->digest_length);
+	if (bufsize < 0) {
+		DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+		goto error_out;
+	}
 
 	flc->word1_sdl = (uint8_t)bufsize;
 	flc->word2_rflc_31_0 = lower_32_bits(
@@ -1750,7 +1754,7 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 	struct dpaa2_sec_aead_ctxt *ctxt = &session->ext_params.aead_ctxt;
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
 	struct alginfo aeaddata;
-	unsigned int bufsize, i;
+	int bufsize, i;
 	struct ctxt_priv *priv;
 	struct sec_flow_context *flc;
 	struct rte_crypto_aead_xform *aead_xform = &xform->aead;
@@ -1841,6 +1845,11 @@ dpaa2_sec_aead_init(struct rte_cryptodev *dev,
 				priv->flc_desc[0].desc, 1, 0,
 				&aeaddata, session->iv.length,
 				session->digest_length);
+	if (bufsize < 0) {
+		DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+		goto error_out;
+	}
+
 	flc->word1_sdl = (uint8_t)bufsize;
 	flc->word2_rflc_31_0 = lower_32_bits(
 			(uint64_t)&(((struct dpaa2_sec_qp *)
@@ -1870,7 +1879,7 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 	struct dpaa2_sec_aead_ctxt *ctxt = &session->ext_params.aead_ctxt;
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
 	struct alginfo authdata, cipherdata;
-	unsigned int bufsize, i;
+	int bufsize, i;
 	struct ctxt_priv *priv;
 	struct sec_flow_context *flc;
 	struct rte_crypto_cipher_xform *cipher_xform;
@@ -2062,6 +2071,10 @@ dpaa2_sec_aead_chain_init(struct rte_cryptodev *dev,
 					      ctxt->auth_only_len,
 					      session->digest_length,
 					      session->dir);
+		if (bufsize < 0) {
+			DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+			goto error_out;
+		}
 	} else {
 		RTE_LOG(ERR, PMD, "Hash before cipher not supported\n");
 		goto error_out;
@@ -2153,7 +2166,7 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 	struct ipsec_encap_pdb encap_pdb;
 	struct ipsec_decap_pdb decap_pdb;
 	struct alginfo authdata, cipherdata;
-	unsigned int bufsize;
+	int bufsize;
 	struct sec_flow_context *flc;
 
 	PMD_INIT_FUNC_TRACE();
@@ -2343,6 +2356,12 @@ dpaa2_sec_set_ipsec_session(struct rte_cryptodev *dev,
 				1, 0, &decap_pdb, &cipherdata, &authdata);
 	} else
 		goto out;
+
+	if (bufsize < 0) {
+		DPAA2_SEC_ERR("Crypto: Invalid buffer length");
+		goto out;
+	}
+
 	flc->word1_sdl = (uint8_t)bufsize;
 
 	/* Enable the stashing control bit */
-- 
2.14.2