From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 8ABD35F28; Wed, 24 Oct 2018 01:39:48 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Oct 2018 16:39:47 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,418,1534834800"; d="scan'208";a="100113968" Received: from sivswdev01.ir.intel.com (HELO localhost.localdomain) ([10.237.217.45]) by fmsmga004.fm.intel.com with ESMTP; 23 Oct 2018 16:39:45 -0700 From: Fiona Trahe To: dev@dpdk.org Cc: akhil.goyal@nxp.com, tomaszx.jozwiak@intel.com, arkadiuszx.kusztal@intel.com, tomaszx.cel@intel.com, Fiona Trahe , stable@dpdk.org Date: Wed, 24 Oct 2018 00:39:42 +0100 Message-Id: <1540337982-12678-1-git-send-email-fiona.trahe@intel.com> X-Mailer: git-send-email 1.7.0.7 Subject: [dpdk-dev] [PATCH] common/qat: fix for invalid response from firmware X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Oct 2018 23:39:49 -0000 Check that the firmware response has a bit set indicating it's valid before dereferencing the rest of the response contents. Fixes: 0bdd36e12245 ("crypto/qat: make dequeue function generic") Cc: stable@dpdk.org Signed-off-by: Fiona Trahe --- drivers/common/qat/qat_qp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/common/qat/qat_qp.c b/drivers/common/qat/qat_qp.c index 1d83aac..9c58c64 100644 --- a/drivers/common/qat/qat_qp.c +++ b/drivers/common/qat/qat_qp.c @@ -634,15 +634,23 @@ qat_dequeue_op_burst(void *qp, void **ops, uint16_t nb_ops) uint32_t head; uint32_t resp_counter = 0; uint8_t *resp_msg; + uint8_t hdr_flags; rx_queue = &(tmp_qp->rx_q); tx_queue = &(tmp_qp->tx_q); head = rx_queue->head; resp_msg = (uint8_t *)rx_queue->base_addr + rx_queue->head; + hdr_flags = ((struct icp_qat_fw_comn_resp_hdr *)resp_msg)->hdr_flags; while (*(uint32_t *)resp_msg != ADF_RING_EMPTY_SIG && resp_counter != nb_ops) { + if (unlikely(!ICP_QAT_FW_COMN_VALID_FLAG_GET(hdr_flags))) { + /* Fatal firmware error */ + QAT_LOG(ERR, "QAT Firmware returned invalid response"); + return 0; + } + if (tmp_qp->service_type == QAT_SERVICE_SYMMETRIC) qat_sym_process_response(ops, resp_msg); else if (tmp_qp->service_type == QAT_SERVICE_COMPRESSION) -- 2.7.4