From: Li Qiang
To: arei.gonglei@huawei.com
Cc: Li Qiang, qemu-devel@nongnu.org
Date: Sun, 17 Mar 2019 02:09:48 -0700
Message-Id: <20190317090948.38023-1-liq3ea@163.com>
Subject: [Qemu-devel] [PATCH] cryptodev-vhost-user: fix a oob access
Content-Transfer-Encoding: quoted-printable

The 'queue_index' of create/close_session function is from the guest and can exceed 'MAX_CRYPTO_QUEUE_NUM'. This leads to oob access. This patch avoids this.

Signed-off-by: Li Qiang
--- backends/cryptodev-vhost-user.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-use= r.c index 1052a5d0e9..36a40eeb4d 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc =3D backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; 
@@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc =3D backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; --=20 2.17.1
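Review bot: in the first hunk (cryptodev_vhost_user_sym_create_session), the new bound check is an assert() on a value the commit message says comes from the guest, so an out-of-range queue_index now aborts the whole QEMU process instead of being rejected. The function already takes Error **errp and returns int64_t, so the out-of-range case can be reported to the caller: test `queue_index >= MAX_CRYPTO_QUEUE_NUM`, fill errp with error_setg(), and return a negative value before ccs[queue_index] is read. An assert is only appropriate here if a caller has already validated queue_index, and in that case the commit message should name where that validation happens.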
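Review bot: in the second hunk (cryptodev_vhost_user_sym_close_session), the added assert is placed ahead of the declarations of cc and vhost_crypto, which leaves declarations after a statement, and it has to sit there only because cc is initialized from ccs[queue_index] at its declaration. Declare `CryptoDevBackendClient *cc;` without an initializer, keep the declarations at the top of the block, then do the range check and assign cc afterwards. Since this function also receives errp and returns int, the check reads better as an error return on `queue_index >= MAX_CRYPTO_QUEUE_NUM` than as an abort on guest-supplied input.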