From 99df914899f56efe63afd9e0fef79148fa6ca162 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Fri, 1 Jul 2022 11:09:39 -0400
Subject: [PATCH] crypto: Validate return values from CRYPTODEV_PROCESS()

Errors are always handled by the completion callback, so we should check
that they're not also passed back to the caller.

No functional change intended.

Reviewed by:	kp, mav, jhb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D35382
---
 sys/opencrypto/crypto.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index ff7ce0f9b81..7231b390302 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c
@@ -1527,6 +1527,7 @@ crypto_task_invoke(void *ctx, int pending)
 static int
 crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
 {
+	int error;
 
 	KASSERT(crp != NULL, ("%s: crp == NULL", __func__));
 	KASSERT(crp->crp_callback != NULL,
@@ -1575,13 +1576,19 @@ crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
 
 		crp->crp_etype = EAGAIN;
 		crypto_done(crp);
-		return 0;
+		error = 0;
 	} else {
 		/*
-		 * Invoke the driver to process the request.
+		 * Invoke the driver to process the request.  Errors are
+		 * signaled by setting crp_etype before invoking the completion
+		 * callback.
 		 */
-		return CRYPTODEV_PROCESS(cap->cc_dev, crp, hint);
+		error = CRYPTODEV_PROCESS(cap->cc_dev, crp, hint);
+		KASSERT(error == 0 || error == ERESTART,
+		    ("%s: invalid error %d from CRYPTODEV_PROCESS",
+		    __func__, error));
 	}
+	return (error);
 }
 
 void