From nobody Wed May 8 03:24:52 2024 Delivered-To: importer@patchew.org Received-SPF: temperror (zoho.com: Error in retrieving data from DNS) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=temperror (zoho.com: Error in retrieving data from DNS) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=163.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1552871589083137.09981748193502; Sun, 17 Mar 2019 18:13:09 -0700 (PDT) Received: from localhost ([127.0.0.1]:34008 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5gpi-00033P-Iu for importer@patchew.org; Sun, 17 Mar 2019 21:12:54 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42102) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5gon-0002mP-6y for qemu-devel@nongnu.org; Sun, 17 Mar 2019 21:11:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h5gom-0001qh-He for qemu-devel@nongnu.org; Sun, 17 Mar 2019 21:11:57 -0400 Received: from m12-15.163.com ([220.181.12.15]:53485) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h5gol-0001oQ-Pm for qemu-devel@nongnu.org; Sun, 17 Mar 2019 21:11:56 -0400 Received: from test-VirtualBox.hz.ali.com (unknown [42.120.75.44]) by smtp11 (Coremail) with SMTP id D8CowAAHwoJV8I5c2p1kAg--.23688S2; Mon, 18 Mar 2019 09:11:50 +0800 (CST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-Id; bh=kH/6twtdVKKniaUsdt uZmYunGrL8k6X9YS58hX86XoA=; b=V5RsCZCeybWH+4jrPE84qv+2FIAJZbF3DT CfIjzn1vulk57r0ffEvz2Q4ywR90Fx57JHgVYF/Ec5cA9YQW1/bObzD3ZT5coLZu aamgK3nCYiGQOKKcXxJU70aRw9o9uyQDSX1jgN/wgEzCI3E74WwdkvmFsZi+XeXz bPIRhCsls= From: Li Qiang To: arei.gonglei@huawei.com Date: Mon, 18 Mar 2019 09:11:47 +0800 Message-Id: <20190318011147.15690-1-liq3ea@163.com> X-Mailer: git-send-email 2.17.1 X-CM-TRANSID: D8CowAAHwoJV8I5c2p1kAg--.23688S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7ZrW7tw1xWr4ktw47Zw13urg_yoW8ZFy5pr 4YyFWaqw1DKay2k39YyFyrZr10gay3Cr18Xw4fJa18A34UZryIvF92gF10kFy0qFn2yw4r Wa10gay8J3WxuFJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x0zRLL0OUUUUU= X-Originating-IP: [42.120.75.44] X-CM-SenderInfo: 5oltjvrd6rljoofrz/1tbitA97bVSIbC+0AAAAsG X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 220.181.12.15 Subject: [Qemu-devel] [PATCH] backends: cryptodev: fix oob access issue X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Li Qiang , qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The 'queue_index' of create/close_session function is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'. This leads oob access. This patch avoid this. Signed-off-by: Li Qiang Reviewed-by: Gonglei --- backends/cryptodev-builtin.c | 4 ++++ backends/cryptodev-vhost-user.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index 9fb0bd57a6..c3a65b2f5f 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendBuiltin *builtin =3D CRYPTODEV_BACKEND_BUILTIN(backend); int64_t session_id =3D -1; @@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendBuiltin *builtin =3D CRYPTODEV_BACKEND_BUILTIN(backend); =20 diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-use= r.c index 1052a5d0e9..36a40eeb4d 100644 --- a/backends/cryptodev-vhost-user.c +++ b/backends/cryptodev-vhost-user.c @@ -236,6 +236,8 @@ static int64_t cryptodev_vhost_user_sym_create_session( CryptoDevBackendSymSessionInfo *sess_info, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc =3D backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session( uint64_t session_id, uint32_t queue_index, Error **errp) { + assert(queue_index < MAX_CRYPTO_QUEUE_NUM); + CryptoDevBackendClient *cc =3D backend->conf.peers.ccs[queue_index]; CryptoDevBackendVhost *vhost_crypto; --=20 2.17.1