common/qat: fix for invalid response from firmware
Checks
Commit Message
Check that the firmware response has a bit set indicating
it's valid before dereferencing the rest of the response contents.
Fixes: 0bdd36e12245 ("crypto/qat: make dequeue function generic")
Cc: stable@dpdk.org
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
drivers/common/qat/qat_qp.c | 8 ++++++++
1 file changed, 8 insertions(+)
Comments
> -----Original Message-----
> From: Trahe, Fiona
> Sent: Wednesday, October 24, 2018 1:40 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Jozwiak, TomaszX <tomaszx.jozwiak@intel.com>;
> Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Cel, TomaszX
> <tomaszx.cel@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
> stable@dpdk.org
> Subject: [PATCH] common/qat: fix for invalid response from firmware
>
> Check that the firmware response has a bit set indicating it's valid before
> dereferencing the rest of the response contents.
>
> Fixes: 0bdd36e12245 ("crypto/qat: make dequeue function generic")
> Cc: stable@dpdk.org
>
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> ---
> drivers/common/qat/qat_qp.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/common/qat/qat_qp.c b/drivers/common/qat/qat_qp.c
> index 1d83aac..9c58c64 100644
> --- a/drivers/common/qat/qat_qp.c
> +++ b/drivers/common/qat/qat_qp.c
> --
> 2.7.4
Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
24/10/2018 17:11, Kusztal, ArkadiuszX:
> From: Trahe, Fiona
> >
> > Check that the firmware response has a bit set indicating it's valid before
> > dereferencing the rest of the response contents.
> >
> > Fixes: 0bdd36e12245 ("crypto/qat: make dequeue function generic")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
>
> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Applied, thanks
@@ -634,15 +634,23 @@ qat_dequeue_op_burst(void *qp, void **ops, uint16_t nb_ops)
uint32_t head;
uint32_t resp_counter = 0;
uint8_t *resp_msg;
+ uint8_t hdr_flags;
rx_queue = &(tmp_qp->rx_q);
tx_queue = &(tmp_qp->tx_q);
head = rx_queue->head;
resp_msg = (uint8_t *)rx_queue->base_addr + rx_queue->head;
+ hdr_flags = ((struct icp_qat_fw_comn_resp_hdr *)resp_msg)->hdr_flags;
while (*(uint32_t *)resp_msg != ADF_RING_EMPTY_SIG &&
resp_counter != nb_ops) {
+ if (unlikely(!ICP_QAT_FW_COMN_VALID_FLAG_GET(hdr_flags))) {
+ /* Fatal firmware error */
+ QAT_LOG(ERR, "QAT Firmware returned invalid response");
+ return 0;
+ }
+
if (tmp_qp->service_type == QAT_SERVICE_SYMMETRIC)
qat_sym_process_response(ops, resp_msg);
else if (tmp_qp->service_type == QAT_SERVICE_COMPRESSION)