From: Raed Salem Date: Wed, 22 Apr 2020 06:19:08 +0000 (+0300) Subject: net/mlx5: IPsec, Fix coverity issue X-Git-Tag: v5.8-rc1~165^2~380^2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=72d3fef16158b9c1852855a3846757ec165c16e1;p=thirdparty%2Flinux.git net/mlx5: IPsec, Fix coverity issue The cited commit introduced the following coverity issue at functions mlx5_fpga_is_ipsec_device() and mlx5_fpga_ipsec_release_sa_ctx(): - bit_and_with_zero: accel_xfrm->attrs.action & MLX5_ACCEL_ESP_ACTION_DECRYPT is always 0. As MLX5_ACCEL_ESP_ACTION_DECRYPT is not a bitwise flag and was wrongly used with bitwise operation, the above expression is always zero value as MLX5_ACCEL_ESP_ACTION_DECRYPT is zero. Fix by using "==" comparison operator instead. Fixes: 7dfee4b1d79e ("net/mlx5: IPsec, Refactor SA handle creation and destruction") Signed-off-by: Raed Salem Signed-off-by: Saeed Mahameed --- diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c index 0604216eb94f1..b463787d6ca16 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c @@ -708,7 +708,7 @@ void *mlx5_fpga_ipsec_create_sa_ctx(struct mlx5_core_dev *mdev, goto exists; } - if (accel_xfrm->attrs.action & MLX5_ACCEL_ESP_ACTION_DECRYPT) { + if (accel_xfrm->attrs.action == MLX5_ACCEL_ESP_ACTION_DECRYPT) { err = ida_simple_get(&fipsec->halloc, 1, 0, GFP_KERNEL); if (err < 0) { context = ERR_PTR(err); @@ -759,7 +759,7 @@ delete_hash: rhash_sa)); unlock_hash: mutex_unlock(&fipsec->sa_hash_lock); - if (accel_xfrm->attrs.action & MLX5_ACCEL_ESP_ACTION_DECRYPT) + if (accel_xfrm->attrs.action == MLX5_ACCEL_ESP_ACTION_DECRYPT) ida_simple_remove(&fipsec->halloc, sa_ctx->sa_handle); exists: mutex_unlock(&fpga_xfrm->lock);