| Message ID | 20190318011147.15690-1-liq3ea@163.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | backends: cryptodev: fix oob access issue | expand |
Hi Michael, Could you pls apply this patch in your tree? Thanks, -Gonglei > -----Original Message----- > From: Li Qiang [mailto:liq3ea@163.com] > Sent: Monday, March 18, 2019 9:12 AM > To: Gonglei (Arei) <arei.gonglei@huawei.com> > Cc: qemu-devel@nongnu.org; Li Qiang <liq3ea@163.com> > Subject: [PATCH] backends: cryptodev: fix oob access issue > > The 'queue_index' of create/close_session function > is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'. > This leads oob access. This patch avoid this. > > Signed-off-by: Li Qiang <liq3ea@163.com> > --- > backends/cryptodev-builtin.c | 4 ++++ > backends/cryptodev-vhost-user.c | 4 ++++ > 2 files changed, 8 insertions(+) > Reviewed-by: Gonglei <arei.gonglei@huawei.com> > diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c > index 9fb0bd57a6..c3a65b2f5f 100644 > --- a/backends/cryptodev-builtin.c > +++ b/backends/cryptodev-builtin.c > @@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session( > CryptoDevBackendSymSessionInfo *sess_info, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendBuiltin *builtin = > CRYPTODEV_BACKEND_BUILTIN(backend); > int64_t session_id = -1; > @@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session( > uint64_t session_id, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendBuiltin *builtin = > CRYPTODEV_BACKEND_BUILTIN(backend); > > diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c > index 1052a5d0e9..36a40eeb4d 100644 > --- a/backends/cryptodev-vhost-user.c > +++ b/backends/cryptodev-vhost-user.c > @@ -236,6 +236,8 @@ static int64_t > cryptodev_vhost_user_sym_create_session( > CryptoDevBackendSymSessionInfo *sess_info, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendClient *cc = > backend->conf.peers.ccs[queue_index]; > CryptoDevBackendVhost *vhost_crypto; > @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( > uint64_t session_id, > uint32_t queue_index, Error **errp) > { > + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); > + > CryptoDevBackendClient *cc = > backend->conf.peers.ccs[queue_index]; > CryptoDevBackendVhost *vhost_crypto; > -- > 2.17.1 >
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index 9fb0bd57a6..c3a65b2f5f 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendBuiltin *builtin = CRYPTODEV_BACKEND_BUILTIN(backend); int64_t session_id = -1; @@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendBuiltin *builtin = CRYPTODEV_BACKEND_BUILTIN(backend); diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c index 1052a5d0e9..36a40eeb4d 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc = backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc = backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto;
The 'queue_index' of create/close_session function is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'. This leads oob access. This patch avoid this. Signed-off-by: Li Qiang <liq3ea@163.com> --- backends/cryptodev-builtin.c | 4 ++++ backends/cryptodev-vhost-user.c | 4 ++++ 2 files changed, 8 insertions(+)