re: net/mlx5: IPsec, Refactor SA handle creation and destruction
From: Colin Ian King
Date: Tue Apr 21 2020 - 10:00:18 EST
Hi,
Static analysis with Coverity has detected a potential issue with the
following commit:
commit 7dfee4b1d79e1800818abcfb47747b162c9a2d31
Author: Raed Salem <raeds@xxxxxxxxxxxx>
Date: Wed Oct 23 17:04:13 2019 +0300
net/mlx5: IPsec, Refactor SA handle creation and destruction
The issue is in mlx5_fpga_is_ipsec_device() in
drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c as follows:
710 Bitwise-and with zero
bit_and_with_zero: accel_xfrm->attrs.action &
MLX5_ACCEL_ESP_ACTION_DECRYPT is always 0. This occurs as the logical
operand of if.
711 if (accel_xfrm->attrs.action & MLX5_ACCEL_ESP_ACTION_DECRYPT) {
Logically dead code (DEADCODE)
712 err = ida_simple_get(&fipsec->halloc, 1, 0, GFP_KERNEL);
713 if (err < 0) {
714 context = ERR_PTR(err);
715 goto exists;
716 }
717
718 sa_ctx->sa_handle = err;
719 if (sa_handle)
720 *sa_handle = sa_ctx->sa_handle;
721 }
in include/linux/mlx5/accel.h MLX5_ACCEL_ESP_ACTION_DECRYPT is defined
as zero:
50 enum mlx5_accel_esp_action {
51 MLX5_ACCEL_ESP_ACTION_DECRYPT,
52 MLX5_ACCEL_ESP_ACTION_ENCRYPT,
53 };
I believe there are some other instances of this bit-wise and-ing with
zero, e.g. in mlx5_fpga_ipsec_release_sa_ctx() we have:
855 if (sa_ctx->fpga_xfrm->accel_xfrm.attrs.action &
856 MLX5_ACCEL_ESP_ACTION_DECRYPT)
Colin