crypto/qat: fix allocation check and leak

There are several func calls to rte_zmalloc() which don't do null
point check on the return value. And before return, the memory is not
freed. Fix it by adding null point check and rte_free().

Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Fixes: e09231eaa2af ("crypto/qat: add SGL capability")
Cc: stable@dpdk.org
Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>

diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index db6c9a3..26f854c 100644 (file)
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -359,6 +359,11 @@ static int qat_alg_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
 
                in = rte_zmalloc("working mem for key",
                                ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);
+               if (in == NULL) {
+                       PMD_DRV_LOG(ERR, "Failed to alloc memory");
+                       return -ENOMEM;
+               }
+
                rte_memcpy(in, qat_aes_xcbc_key_seed,
                                ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
                for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {
@@ -389,6 +394,11 @@ static int qat_alg_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
                                ICP_QAT_HW_GALOIS_E_CTR0_SZ);
                in = rte_zmalloc("working mem for key",
                                ICP_QAT_HW_GALOIS_H_SZ, 16);
+               if (in == NULL) {
+                       PMD_DRV_LOG(ERR, "Failed to alloc memory");
+                       return -ENOMEM;
+               }
+
                memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
                if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
                        &enc_key) != 0) {

diff --git a/drivers/crypto/qat/qat_qp.c b/drivers/crypto/qat/qat_qp.c
index 0941a58..87b9ce0 100644 (file)
--- a/drivers/crypto/qat/qat_qp.c
+++ b/drivers/crypto/qat/qat_qp.c
@@ -151,6 +151,11 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
        qp->op_cookies = rte_zmalloc("qat PMD op cookie pointer",
                        qp_conf->nb_descriptors * sizeof(*qp->op_cookies),
                        RTE_CACHE_LINE_SIZE);
+       if (qp->op_cookies == NULL) {
+               PMD_DRV_LOG(ERR, "Failed to alloc mem for cookie");
+               rte_free(qp);
+               return -ENOMEM;
+       }
 
        qp->mmap_bar_addr = pci_dev->mem_resource[0].addr;
        qp->inflights16 = 0;
@@ -192,7 +197,7 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
        for (i = 0; i < qp->nb_descriptors; i++) {
                if (rte_mempool_get(qp->op_cookie_pool, &qp->op_cookies[i])) {
                        PMD_DRV_LOG(ERR, "QAT PMD Cannot get op_cookie");
-                       return -EFAULT;
+                       goto create_err;
                }
 
                struct qat_crypto_op_cookie *sql_cookie =
@@ -217,6 +222,9 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
        return 0;
 
 create_err:
+       if (qp->op_cookie_pool)
+               rte_mempool_free(qp->op_cookie_pool);
+       rte_free(qp->op_cookies);
        rte_free(qp);
        return -EFAULT;
 }