[PATCH] crypto: qat - add missing INIT_LIST_HEAD in probe()


 



From: Shwethax Shetty <shwethax.shetty@xxxxxxxxx>

If a list is not properly initialized before use, traversing it can lead
to undefined behavior, including NULL pointer dereferences. In this
case, the `adf_ctl_stop_devices()` function attempts to iterate over a
list to retrieve `accel_dev`, but if the list hasn't been initialized,
it may result in a kernel panic.

This issue was observed during testing, with the following stack trace:

    BUG: kernel NULL pointer dereference, address: 0000000000000214
    RIP: 0010:adf_ctl_stop_devices+0x65/0x240 [intel_qat]
    4xxx 0000:86:00.0: pci_iomap_range() calls ioremap_driver_hardened()
    ? __die+0x24/0x70
    ? page_fault_oops+0x82/0x160
    ? do_user_addr_fault+0x65/0x690
    ? exc_page_fault+0x78/0x170
    4xxx 0000:86:00.0: pci_iomap_range() calls ioremap_driver_hardened()
    ? asm_exc_page_fault+0x26/0x30
    ? adf_ctl_stop_devices+0x65/0x240 [intel_qat]
    4xxx 0000:86:00.0: pci_iomap_range() calls ioremap_driver_hardened()
    ? adf_ctl_stop_devices+0x65/0x240 [intel_qat]
    adf_ctl_ioctl+0x6a9/0x790 [intel_qat]

To prevent this, add the missing `INIT_LIST_HEAD()` in `adf_probe()` to
ensure the list is correctly initialized before use.

Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator")
Fixes: dd0f368398ea ("crypto: qat - Add qat dh895xcc VF driver")
Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type")
Fixes: 3771df3cff75 ("crypto: qat - add support for c62xvf accel type")
Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type")
Fixes: 8b206f2d666f ("crypto: qat - add support for c3xxxvf accel type")
Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver")
Fixes: fcf60f4bcf54 ("crypto: qat - add support for 420xx devices")
Signed-off-by: Shwethax Shetty <shwethax.shetty@xxxxxxxxx>
Reviewed-by: Srikanth Thokala <srikanth.thokala@xxxxxxxxx>
Reviewed-by: Ahsan Atta <ahsan.atta@xxxxxxxxx>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx>
---
 drivers/crypto/intel/qat/qat_420xx/adf_drv.c      | 1 +
 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c       | 1 +
 drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c      | 1 +
 drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c    | 1 +
 drivers/crypto/intel/qat/qat_c62x/adf_drv.c       | 1 +
 drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c     | 1 +
 drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c   | 1 +
 drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c | 1 +
 8 files changed, 8 insertions(+)

diff --git a/drivers/crypto/intel/qat/qat_420xx/adf_drv.c b/drivers/crypto/intel/qat/qat_420xx/adf_drv.c
index cfa00daeb4fb..5b88828931f9 100644
--- a/drivers/crypto/intel/qat/qat_420xx/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_420xx/adf_drv.c
@@ -55,6 +55,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 		return -ENOMEM;
 
 	INIT_LIST_HEAD(&accel_dev->crypto_list);
+	INIT_LIST_HEAD(&accel_dev->list);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
 
diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c
index c9be5dcddb27..80326a4f932a 100644
--- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c
@@ -57,6 +57,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 		return -ENOMEM;
 
 	INIT_LIST_HEAD(&accel_dev->crypto_list);
+	INIT_LIST_HEAD(&accel_dev->list);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
 
diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c
index bceb5dd8b148..597a6a2b9b46 100644
--- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c
@@ -84,6 +84,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 		return -ENOMEM;
 
 	INIT_LIST_HEAD(&accel_dev->crypto_list);
+	INIT_LIST_HEAD(&accel_dev->list);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
 
diff --git a/drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c
index c622793e94a8..acb73fb94687 100644
--- a/drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_c3xxxvf/adf_drv.c
@@ -98,6 +98,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	pf = adf_devmgr_pci_to_accel_dev(pdev->physfn);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
+	INIT_LIST_HEAD(&accel_dev->list);
 
 	/* Add accel device to accel table */
 	if (adf_devmgr_add_dev(accel_dev, pf)) {
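Review bot: Neither this hunk nor the commit message says which path reads `accel_dev->list` while it is still unlinked, and in this VF probe the new `INIT_LIST_HEAD(&accel_dev->list);` sits directly before `adf_devmgr_add_dev(accel_dev, pf)`, so a reader cannot tell whether the init is load-bearing or immediately overwritten. Whether that call links this node in every case (in particular when `pf` is non-NULL) is not visible here, so I would state the intent in a comment above the new line, for example `/* Self-link the node: it must be safe to walk or unlink even if it is never added to the accel table */`. The same applies to the qat_c62xvf and qat_dh895xccvf hunks. adf_probe() starts and ends outside all three hunks.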
diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c
index 23ccb72b6ea2..6fe5854b46f9 100644
--- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c
@@ -86,6 +86,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	INIT_LIST_HEAD(&accel_dev->crypto_list);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
+	INIT_LIST_HEAD(&accel_dev->list);
 
 	/* Add accel device to accel table.
 	 * This should be called before adf_cleanup_accel is called */
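Review bot: The new `INIT_LIST_HEAD(&accel_dev->list);` is placed after the `pci_dev` assignment here, although the existing `INIT_LIST_HEAD(&accel_dev->crypto_list);` is visible three lines up and the qat_420xx, qat_4xxx and qat_c3xxx hunks put the two inits on adjacent lines. Keeping both list-head inits together makes it easier to audit that every probe initialises every list member, which is exactly the omission this patch repairs. I would move the added line to directly below the `crypto_list` init; the qat_dh895xcc hunk has the same placement. adf_probe() continues outside the hunk.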
diff --git a/drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c b/drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c
index 4840d44bbd5b..905bc7e0aa67 100644
--- a/drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_c62xvf/adf_drv.c
@@ -98,6 +98,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	pf = adf_devmgr_pci_to_accel_dev(pdev->physfn);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
+	INIT_LIST_HEAD(&accel_dev->list);
 
 	/* Add accel device to accel table */
 	if (adf_devmgr_add_dev(accel_dev, pf)) {
diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c
index b59e0cc49e52..2c4385c42dc9 100644
--- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c
@@ -86,6 +86,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	INIT_LIST_HEAD(&accel_dev->crypto_list);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
+	INIT_LIST_HEAD(&accel_dev->list);
 
 	/* Add accel device to accel table.
 	 * This should be called before adf_cleanup_accel is called */
diff --git a/drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c
index 7cd528ee31e7..4cfdc0088ba5 100644
--- a/drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c
+++ b/drivers/crypto/intel/qat/qat_dh895xccvf/adf_drv.c
@@ -98,6 +98,7 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
 	pf = adf_devmgr_pci_to_accel_dev(pdev->physfn);
 	accel_pci_dev = &accel_dev->accel_pci_dev;
 	accel_pci_dev->pci_dev = pdev;
+	INIT_LIST_HEAD(&accel_dev->list);
 
 	/* Add accel device to accel table */
 	if (adf_devmgr_add_dev(accel_dev, pf)) {
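Review bot: This is the eighth copy of the same one-line init, and the Fixes: trailers suggest the omission was carried into each driver as it was added, so a ninth probe can miss it again. The trace in the description reaches the fault through `adf_ctl_ioctl`, so an uninitialised node appears to be reachable from an ioctl on the control device, which makes a structural guard worthwhile. I would do both list-head inits in one shared helper in the common QAT code that every `adf_probe()` calls right after allocating `accel_dev` (placeholder name: `adf_accel_dev_init_lists(accel_dev)`), rather than once per driver. adf_probe() starts and ends outside the hunk.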

base-commit: 60a2ff0c7e1bc0615558a4f4c65f031bcd00200d
-- 
2.50.0




