RE: net/mlx5: IPsec, Refactor SA handle creation and destruction

From: Raed Salem
Date: Thu Apr 23 2020 - 03:21:21 EST


> -----Original Message-----
> From: Colin Ian King [mailto:colin.king@xxxxxxxxxxxxx]
> Sent: Tuesday, April 21, 2020 5:00 PM
> To: Raed Salem <raeds@xxxxxxxxxxxx>
> Cc: Boris Pismenny <borisp@xxxxxxxxxxxx>; Saeed Mahameed
> <saeedm@xxxxxxxxxxxx>; Leon Romanovsky <leon@xxxxxxxxxx>; Tariq
> Toukan <tariqt@xxxxxxxxxxxx>; netdev@xxxxxxxxxxxxxxx; linux-
> rdma@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: re: net/mlx5: IPsec, Refactor SA handle creation and destruction
>
> Hi,
>
> Static analysis with Coverity has detected a potential issue with the following
> commit:
>
> commit 7dfee4b1d79e1800818abcfb47747b162c9a2d31
> Author: Raed Salem <raeds@xxxxxxxxxxxx>
> Date: Wed Oct 23 17:04:13 2019 +0300
>
> net/mlx5: IPsec, Refactor SA handle creation and destruction
>
> The issue is in mlx5_fpga_is_ipsec_device() in
> drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c as follows:
>
>
> 710 Bitwise-and with zero
> bit_and_with_zero: accel_xfrm->attrs.action &
> MLX5_ACCEL_ESP_ACTION_DECRYPT is always 0. This occurs as the logical
> operand of if.
>
> 711 if (accel_xfrm->attrs.action & MLX5_ACCEL_ESP_ACTION_DECRYPT) {
> Logically dead code (DEADCODE)
>
> 712 err = ida_simple_get(&fipsec->halloc, 1, 0, GFP_KERNEL);
> 713 if (err < 0) {
> 714 context = ERR_PTR(err);
> 715 goto exists;
> 716 }
> 717
> 718 sa_ctx->sa_handle = err;
> 719 if (sa_handle)
> 720 *sa_handle = sa_ctx->sa_handle;
> 721 }
>
> in include/linux/mlx5/accel.h MLX5_ACCEL_ESP_ACTION_DECRYPT is defined
> as zero:
>
> 50 enum mlx5_accel_esp_action {
> 51 MLX5_ACCEL_ESP_ACTION_DECRYPT,
> 52 MLX5_ACCEL_ESP_ACTION_ENCRYPT,
> 53 };
>
>
> I believe there are some other instances of this bit-wise and-ing with zero,
> e.g. in mlx5_fpga_ipsec_release_sa_ctx() we have:
>
> 855 if (sa_ctx->fpga_xfrm->accel_xfrm.attrs.action &
> 856 MLX5_ACCEL_ESP_ACTION_DECRYPT)
>
> Colin

Thanks for the catch ... will Post a fix