diff options
author | Brian Behlendorf <[email protected]> | 2018-05-01 20:44:24 -0700 |
---|---|---|
committer | GitHub <[email protected]> | 2018-05-01 20:44:24 -0700 |
commit | bc8a6a60e9f0fd219e10f355384d87a41d4f5882 (patch) | |
tree | 67615329d59db506d8a5ad5cde6fe28ee2c0d761 | |
parent | 2c24b5b1487646f68960f25e13a1b0df645d4f49 (diff) |
Fix inst_num overflow in qat_crypt.c
This patch fixes the same issue which was previously addressed in
6051. The variable "inst_num" was of the incorrect type and
"atomic_inc_32_nv()" could cause an overflow damaging its neighbor.
Cast the return value of atomic_inc_32_nv() to Cpa32U.
Fix a few types for num_inst for clarity.
Reviewed-by: Weigang Li <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #7468
-rw-r--r-- | module/zfs/qat_compress.c | 8 | ||||
-rw-r--r-- | module/zfs/qat_crypt.c | 11 |
2 files changed, 8 insertions, 11 deletions
diff --git a/module/zfs/qat_compress.c b/module/zfs/qat_compress.c index 115316297..8c1410c9e 100644 --- a/module/zfs/qat_compress.c +++ b/module/zfs/qat_compress.c @@ -71,9 +71,8 @@ qat_dc_clean(void) { Cpa16U buff_num = 0; Cpa16U num_inter_buff_lists = 0; - Cpa16U i = 0; - for (i = 0; i < num_inst; i++) { + for (Cpa16U i = 0; i < num_inst; i++) { cpaDcStopInstance(dc_inst_handles[i]); QAT_PHYS_CONTIG_FREE(session_handles[i]); /* free intermediate buffers */ @@ -111,7 +110,6 @@ qat_dc_init(void) Cpa16U buff_num = 0; Cpa32U buff_meta_size = 0; CpaDcSessionSetupData sd = {0}; - Cpa16U i; status = cpaDcGetNumInstances(&num_inst); if (status != CPA_STATUS_SUCCESS) @@ -128,7 +126,7 @@ qat_dc_init(void) if (status != CPA_STATUS_SUCCESS) return (-1); - for (i = 0; i < num_inst; i++) { + for (Cpa16U i = 0; i < num_inst; i++) { cpaDcSetAddressTranslation(dc_inst_handles[i], (void*)virt_to_phys); @@ -286,7 +284,7 @@ qat_compress_impl(qat_compress_dir_t dir, char *src, int src_len, num_add_buf * sizeof (struct page *)) != CPA_STATUS_SUCCESS) goto fail; - i = atomic_inc_32_nv(&inst_num) % num_inst; + i = (Cpa32U)atomic_inc_32_nv(&inst_num) % num_inst; dc_inst_handle = dc_inst_handles[i]; session_handle = session_handles[i]; diff --git a/module/zfs/qat_crypt.c b/module/zfs/qat_crypt.c index e77644161..98d837713 100644 --- a/module/zfs/qat_crypt.c +++ b/module/zfs/qat_crypt.c @@ -47,7 +47,7 @@ #define MAX_PAGE_NUM 1024 -static Cpa16U inst_num = 0; +static Cpa32U inst_num = 0; static Cpa16U num_inst = 0; static CpaInstanceHandle cy_inst_handles[QAT_CRYPT_MAX_INSTANCES]; static boolean_t qat_crypt_init_done = B_FALSE; @@ -93,7 +93,7 @@ qat_checksum_use_accel(size_t s_len) void qat_crypt_clean(void) { - for (Cpa32U i = 0; i < num_inst; i++) + for (Cpa16U i = 0; i < num_inst; i++) cpaCyStopInstance(cy_inst_handles[i]); num_inst = 0; @@ -103,7 +103,6 @@ qat_crypt_clean(void) int qat_crypt_init(void) { - Cpa32U i; CpaStatus status = CPA_STATUS_FAIL; status = cpaCyGetNumInstances(&num_inst); @@ -121,7 +120,7 @@ qat_crypt_init(void) if (status != CPA_STATUS_SUCCESS) return (-1); - for (i = 0; i < num_inst; i++) { + for (Cpa16U i = 0; i < num_inst; i++) { status = cpaCySetAddressTranslation(cy_inst_handles[i], (void *)virt_to_phys); if (status != CPA_STATUS_SUCCESS) @@ -322,7 +321,7 @@ qat_crypt(qat_encrypt_dir_t dir, uint8_t *src_buf, uint8_t *dst_buf, QAT_STAT_INCR(decrypt_total_in_bytes, enc_len); } - i = atomic_inc_32_nv(&inst_num) % num_inst; + i = (Cpa32U)atomic_inc_32_nv(&inst_num) % num_inst; cy_inst_handle = cy_inst_handles[i]; status = qat_init_crypt_session_ctx(dir, cy_inst_handle, @@ -468,7 +467,7 @@ qat_checksum(uint64_t cksum, uint8_t *buf, uint64_t size, zio_cksum_t *zcp) QAT_STAT_BUMP(cksum_requests); QAT_STAT_INCR(cksum_total_in_bytes, size); - i = atomic_inc_32_nv(&inst_num) % num_inst; + i = (Cpa32U)atomic_inc_32_nv(&inst_num) % num_inst; cy_inst_handle = cy_inst_handles[i]; status = qat_init_checksum_session_ctx(cy_inst_handle, |