Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp4659671rdh;
        Wed, 29 Nov 2023 07:22:03 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEzCvg3b9n/ZkjIjwytyDQeIzPIb7X0VrR1EGm41keR8jtHXHg1zOdH0u9jYxkQcp/w2i7C
X-Received: by 2002:a05:6e02:f84:b0:35c:c669:8658 with SMTP id v4-20020a056e020f8400b0035cc6698658mr10456574ilo.11.1701271322382;
        Wed, 29 Nov 2023 07:22:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1701271322; cv=none;
        d=google.com; s=arc-20160816;
        b=pZaisiSRYlzurrrDFMkft3AC5aZE5M7SOhYihICEiwttGHsFzZ4Qy5vqOLZP4RjsiQ
         njqmwun4muDN05AaTgVlc1n0ZPBd6NHfXn5LVmvMClHVbG8LYjWGIdF1L117tIY0BLVK
         4ocBohWP/n1TuiGwoGwuuTNpjj+8VrSleTCGQNHkw3cDny//Z9pWzV2lunezDewZOTpv
         7KFdq2knwiFk7X7PCFq/beyyVFbIAj6HpRE/ZjZH37xcjnH/HTeB8tR3IWptV7k0aSKX
         PRg8zu4RsqB0V06Tq+QkGy0oL9x/V8B+KcaTum2zYts5RSR2eI/7tl4FeI0P1C+/eWuB
         mYMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=PIBWCubcDObO1zEswJYqTbKHW/j4xGorbYQE7SjlL0E=;
        fh=6FyO0wd9Kk/FNtd22ji0aApFi0F/pH+83rOWkkMumQw=;
        b=Wndd3z7UjnsG/ui+kSCo7tFNp5YpEhtFe9wO9mtN2ZpOpp91LvQ2CiNY4sRHQEh3/t
         tU3goeL+L0icO4JXyGexOZWwX3ovl1i/T0pKZ2vy4CB3bZj3mt3Ztcjuu+s6B0iF5M0H
         BYOyEnb+3AkrJevCPkXLILVmjVYaeFUtQiFgMXiKV0gy+gIEvy1XarwId+yuoySqHoNL
         ptKjwNHm7G6kQWFYn4yjs15EmQGXPwH9Dyt8GZp8oRb1l2GLPo3hovO/ZMnHtbno8D12
         wfa3mqCq/v8QZU2KxJJXWlSF6rPRwsMK3sfXC7AqNfyEentc4IGwt9zFuURbxzGfHtHa
         qVcA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
        by mx.google.com with ESMTPS id f36-20020a635564000000b005be2531664esi13975103pgm.261.2023.11.29.07.22.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 Nov 2023 07:22:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id 41BC180579F7;
	Wed, 29 Nov 2023 07:22:00 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234820AbjK2PVr (ORCPT <rfc822;aaronngray.lists@gmail.com>
        + 99 others); Wed, 29 Nov 2023 10:21:47 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47660 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234629AbjK2PVp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 Nov 2023 10:21:45 -0500
Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C05CEC9;
        Wed, 29 Nov 2023 07:21:51 -0800 (PST)
Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru
 (195.54.195.159) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 29 Nov
 2023 18:21:50 +0300
Received: from localhost (10.0.253.138) by Ex16-01.fintech.ru (10.0.10.18)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 29 Nov
 2023 18:21:49 +0300
From:   Nikita Zhandarovich <n.zhandarovich@fintech.ru>
To:     Antoine Tenart <atenart@kernel.org>
CC:     Nikita Zhandarovich <n.zhandarovich@fintech.ru>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        <linux-crypto@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH] crypto: safexcel - Add error handling for dma_map_sg() calls
Date:   Wed, 29 Nov 2023 07:21:45 -0800
Message-ID: <20231129152145.7767-1-n.zhandarovich@fintech.ru>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.0.253.138]
X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru
 (10.0.10.18)
X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Wed, 29 Nov 2023 07:22:00 -0800 (PST)

Macro dma_map_sg() may return 0 on error. This patch enables
checks in case of the macro failure and ensures unmapping of
previously mapped buffers with dma_unmap_sg().

Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.

Fixes: 49186a7d9e46 ("crypto: inside_secure - Avoid dma map if size is zero")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>

 drivers/crypto/inside-secure/safexcel_cipher.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c
index 272c28b5a088..ca660f31c15f 100644
--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -742,9 +742,9 @@ static int safexcel_send_req(struct crypto_async_request *base, int ring,
 				max(totlen_src, totlen_dst));
 			return -EINVAL;
 		}
-		if (sreq->nr_src > 0)
-			dma_map_sg(priv->dev, src, sreq->nr_src,
-				   DMA_BIDIRECTIONAL);
+		if ((sreq->nr_src > 0) &&
+		    (!dma_map_sg(priv->dev, src, sreq->nr_src, DMA_BIDIRECTIONAL)))
+			return -ENOMEM;
 	} else {
 		if (unlikely(totlen_src && (sreq->nr_src <= 0))) {
 			dev_err(priv->dev, "Source buffer not large enough (need %d bytes)!",
@@ -752,8 +752,9 @@ static int safexcel_send_req(struct crypto_async_request *base, int ring,
 			return -EINVAL;
 		}
 
-		if (sreq->nr_src > 0)
-			dma_map_sg(priv->dev, src, sreq->nr_src, DMA_TO_DEVICE);
+		if ((sreq->nr_src > 0) &&
+		    (!dma_map_sg(priv->dev, src, sreq->nr_src, DMA_TO_DEVICE)))
+			return -ENOMEM;
 
 		if (unlikely(totlen_dst && (sreq->nr_dst <= 0))) {
 			dev_err(priv->dev, "Dest buffer not large enough (need %d bytes)!",
@@ -762,9 +763,11 @@ static int safexcel_send_req(struct crypto_async_request *base, int ring,
 			goto unmap;
 		}
 
-		if (sreq->nr_dst > 0)
-			dma_map_sg(priv->dev, dst, sreq->nr_dst,
-				   DMA_FROM_DEVICE);
+		if ((sreq->nr_dst > 0) &&
+		    (!dma_map_sg(priv->dev, dst, sreq->nr_dst, DMA_FROM_DEVICE))) {
+			ret = -ENOMEM;
+			goto unmap;
+		}
 	}
 
 	memcpy(ctx->base.ctxr->data, ctx->key, ctx->key_len);