From: Yong Wang <wang.yong19@zte.com.cn>
Date: Thu, 25 Jan 2018 06:53:04 +0000 (-0500)
Subject: crypto/qat: fix allocation check and leak
X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=963898f0e316611df9dc2964d059b4e16835b95a;p=dpdk.git

crypto/qat: fix allocation check and leak

There are several func calls to rte_zmalloc() which don't do null
point check on the return value. And before return, the memory is not
freed. Fix it by adding null point check and rte_free().

Fixes: 1703e94ac5ce ("qat: add driver for QuickAssist devices")
Fixes: e09231eaa2af ("crypto/qat: add SGL capability")
Cc: stable@dpdk.org

Signed-off-by: Yong Wang <wang.yong19@zte.com.cn>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Ferruh Yigit <ferruh.yigit@intel.com>
---

diff --git a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
index db6c9a32e3..26f854c211 100644
--- a/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
+++ b/drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
@@ -359,6 +359,11 @@ static int qat_alg_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
 
 		in = rte_zmalloc("working mem for key",
 				ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ, 16);
+		if (in == NULL) {
+			PMD_DRV_LOG(ERR, "Failed to alloc memory");
+			return -ENOMEM;
+		}
+
 		rte_memcpy(in, qat_aes_xcbc_key_seed,
 				ICP_QAT_HW_AES_XCBC_MAC_STATE2_SZ);
 		for (x = 0; x < HASH_XCBC_PRECOMP_KEY_NUM; x++) {
@@ -389,6 +394,11 @@ static int qat_alg_do_precomputes(enum icp_qat_hw_auth_algo hash_alg,
 				ICP_QAT_HW_GALOIS_E_CTR0_SZ);
 		in = rte_zmalloc("working mem for key",
 				ICP_QAT_HW_GALOIS_H_SZ, 16);
+		if (in == NULL) {
+			PMD_DRV_LOG(ERR, "Failed to alloc memory");
+			return -ENOMEM;
+		}
+
 		memset(in, 0, ICP_QAT_HW_GALOIS_H_SZ);
 		if (AES_set_encrypt_key(auth_key, auth_keylen << 3,
 			&enc_key) != 0) {
diff --git a/drivers/crypto/qat/qat_qp.c b/drivers/crypto/qat/qat_qp.c
index 0941a58a0e..87b9ce0bb1 100644
--- a/drivers/crypto/qat/qat_qp.c
+++ b/drivers/crypto/qat/qat_qp.c
@@ -151,6 +151,11 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
 	qp->op_cookies = rte_zmalloc("qat PMD op cookie pointer",
 			qp_conf->nb_descriptors * sizeof(*qp->op_cookies),
 			RTE_CACHE_LINE_SIZE);
+	if (qp->op_cookies == NULL) {
+		PMD_DRV_LOG(ERR, "Failed to alloc mem for cookie");
+		rte_free(qp);
+		return -ENOMEM;
+	}
 
 	qp->mmap_bar_addr = pci_dev->mem_resource[0].addr;
 	qp->inflights16 = 0;
@@ -192,7 +197,7 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
 	for (i = 0; i < qp->nb_descriptors; i++) {
 		if (rte_mempool_get(qp->op_cookie_pool, &qp->op_cookies[i])) {
 			PMD_DRV_LOG(ERR, "QAT PMD Cannot get op_cookie");
-			return -EFAULT;
+			goto create_err;
 		}
 
 		struct qat_crypto_op_cookie *sql_cookie =
@@ -217,6 +222,9 @@ int qat_crypto_sym_qp_setup(struct rte_cryptodev *dev, uint16_t queue_pair_id,
 	return 0;
 
 create_err:
+	if (qp->op_cookie_pool)
+		rte_mempool_free(qp->op_cookie_pool);
+	rte_free(qp->op_cookies);
 	rte_free(qp);
 	return -EFAULT;
 }