The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.
If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode().
Fix both issues by returning either a valid index or -EINVAL.
Cc: stable@vger.kernel.org Fixes: b190447e0fa3 ("crypto: iaa - Add compression mode management along with fixed mode") Signed-off-by: Thorsten Blum thorsten.blum@linux.dev --- drivers/crypto/intel/iaa/iaa_crypto_main.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/intel/iaa/iaa_crypto_main.c b/drivers/crypto/intel/iaa/iaa_crypto_main.c index 23f585219fb4..8ee2a55ec449 100644 --- a/drivers/crypto/intel/iaa/iaa_crypto_main.c +++ b/drivers/crypto/intel/iaa/iaa_crypto_main.c @@ -221,15 +221,13 @@ static struct iaa_compression_mode *iaa_compression_modes[IAA_COMP_MODES_MAX];
static int find_empty_iaa_compression_mode(void) { - int i = -EINVAL; + int i;
- for (i = 0; i < IAA_COMP_MODES_MAX; i++) { - if (iaa_compression_modes[i]) - continue; - break; - } + for (i = 0; i < IAA_COMP_MODES_MAX; i++) + if (!iaa_compression_modes[i]) + return i;
- return i; + return -EINVAL; }
static struct iaa_compression_mode *find_iaa_compression_mode(const char *name, int *idx)
-----Original Message----- From: Thorsten Blum thorsten.blum@linux.dev Sent: Thursday, November 27, 2025 6:02 AM To: Accardi, Kristen C kristen.c.accardi@intel.com; Gomes, Vinicius vinicius.gomes@intel.com; Sridhar, Kanchana P kanchana.p.sridhar@intel.com; Herbert Xu herbert@gondor.apana.org.au; David S. Miller davem@davemloft.net; Tom Zanussi tom.zanussi@linux.intel.com Cc: Thorsten Blum thorsten.blum@linux.dev; stable@vger.kernel.org; linux-crypto@vger.kernel.org; linux-kernel@vger.kernel.org Subject: [PATCH] crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned.
If no empty compression mode can be found, the function would return the out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid array access in add_iaa_compression_mode().
Fix both issues by returning either a valid index or -EINVAL.
Cc: stable@vger.kernel.org Fixes: b190447e0fa3 ("crypto: iaa - Add compression mode management along with fixed mode") Signed-off-by: Thorsten Blum thorsten.blum@linux.dev
Acked-by: Kanchana P Sridhar kanchana.p.sridhar@intel.com
drivers/crypto/intel/iaa/iaa_crypto_main.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/drivers/crypto/intel/iaa/iaa_crypto_main.c b/drivers/crypto/intel/iaa/iaa_crypto_main.c index 23f585219fb4..8ee2a55ec449 100644 --- a/drivers/crypto/intel/iaa/iaa_crypto_main.c +++ b/drivers/crypto/intel/iaa/iaa_crypto_main.c @@ -221,15 +221,13 @@ static struct iaa_compression_mode *iaa_compression_modes[IAA_COMP_MODES_MAX];
static int find_empty_iaa_compression_mode(void) {
- int i = -EINVAL;
- int i;
- for (i = 0; i < IAA_COMP_MODES_MAX; i++) {
if (iaa_compression_modes[i])continue;break;- }
- for (i = 0; i < IAA_COMP_MODES_MAX; i++)
if (!iaa_compression_modes[i])return i;
- return i;
- return -EINVAL;
}
static struct iaa_compression_mode *find_iaa_compression_mode(const char *name, int *idx) -- Thorsten Blum thorsten.blum@linux.dev GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
linux-stable-mirror@lists.linaro.org
-
Sridhar, Kanchana P -
Thorsten Blum