backends/cryptodev.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
Generally guest side should discover which services the device is
able to offer, then do requests on device.
However it's also possible to break this rule in a guest. Handle
unexpected request here to avoid NULL pointer dereference.
Fixes: e7a775fd ('cryptodev: Account statistics')
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: Xiao Lei <nop.leixiao@gmail.com>
Cc: Yongkang Jia <kangel@zju.edu.cn>
Reported-by: Yiming Tao <taoym@zju.edu.cn>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
---
backends/cryptodev.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/backends/cryptodev.c b/backends/cryptodev.c
index 94ca393cee..d3fe92d8c0 100644
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -191,6 +191,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
len = asym_op_info->src_len;
+
+ if (unlikely(!backend->asym_stat)) {
+ error_report("cryptodev: Unexpected asym operation");
+ return -VIRTIO_CRYPTO_NOTSUPP;
+ }
switch (op_info->op_code) {
case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT:
CryptodevAsymStatIncEncrypt(backend, len);
@@ -210,6 +215,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
} else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info;
len = sym_op_info->src_len;
+
+ if (unlikely(!backend->sym_stat)) {
+ error_report("cryptodev: Unexpected sym operation");
+ return -VIRTIO_CRYPTO_NOTSUPP;
+ }
switch (op_info->op_code) {
case VIRTIO_CRYPTO_CIPHER_ENCRYPT:
CryptodevSymStatIncEncrypt(backend, len);
--
2.34.1
> On Apr 27, 2023, at 16:05, zhenwei pi <pizhenwei@bytedance.com> wrote:
>
> Generally guest side should discover which services the device is
> able to offer, then do requests on device.
>
> However it's also possible to break this rule in a guest. Handle
> unexpected request here to avoid NULL pointer dereference.
>
> Fixes: e7a775fd ('cryptodev: Account statistics')
> Cc: Gonglei <arei.gonglei@huawei.com>
> Cc: Mauro Matteo Cascella <mcascell@redhat.com>
> Cc: Xiao Lei <nop.leixiao@gmail.com>
> Cc: Yongkang Jia <kangel@zju.edu.cn>
> Reported-by: Yiming Tao <taoym@zju.edu.cn>
> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
> ---
> backends/cryptodev.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/backends/cryptodev.c b/backends/cryptodev.c
> index 94ca393cee..d3fe92d8c0 100644
> --- a/backends/cryptodev.c
> +++ b/backends/cryptodev.c
> @@ -191,6 +191,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
> if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
> CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
> len = asym_op_info->src_len;
> +
> + if (unlikely(!backend->asym_stat)) {
> + error_report("cryptodev: Unexpected asym operation");
> + return -VIRTIO_CRYPTO_NOTSUPP;
> + }
> switch (op_info->op_code) {
> case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT:
> CryptodevAsymStatIncEncrypt(backend, len);
> @@ -210,6 +215,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
> } else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
> CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info;
> len = sym_op_info->src_len;
> +
> + if (unlikely(!backend->sym_stat)) {
> + error_report("cryptodev: Unexpected sym operation");
> + return -VIRTIO_CRYPTO_NOTSUPP;
> + }
> switch (op_info->op_code) {
> case VIRTIO_CRYPTO_CIPHER_ENCRYPT:
> CryptodevSymStatIncEncrypt(backend, len);
> --
> 2.34.1
>
Reviewed-by: Lei He <helei.sig11@bytedance.com>
Best regards,
Lei He
--
helei.sig11@bytedance.com
Hi Michael
Could you please apply this patch?
On 5/26/23 11:38, Lei He wrote:
>
>> On Apr 27, 2023, at 16:05, zhenwei pi <pizhenwei@bytedance.com> wrote:
>>
>> Generally guest side should discover which services the device is
>> able to offer, then do requests on device.
>>
>> However it's also possible to break this rule in a guest. Handle
>> unexpected request here to avoid NULL pointer dereference.
>>
>> Fixes: e7a775fd ('cryptodev: Account statistics')
>> Cc: Gonglei <arei.gonglei@huawei.com>
>> Cc: Mauro Matteo Cascella <mcascell@redhat.com>
>> Cc: Xiao Lei <nop.leixiao@gmail.com>
>> Cc: Yongkang Jia <kangel@zju.edu.cn>
>> Reported-by: Yiming Tao <taoym@zju.edu.cn>
>> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
>> ---
>> backends/cryptodev.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/backends/cryptodev.c b/backends/cryptodev.c
>> index 94ca393cee..d3fe92d8c0 100644
>> --- a/backends/cryptodev.c
>> +++ b/backends/cryptodev.c
>> @@ -191,6 +191,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
>> if (algtype == QCRYPTODEV_BACKEND_ALG_ASYM) {
>> CryptoDevBackendAsymOpInfo *asym_op_info = op_info->u.asym_op_info;
>> len = asym_op_info->src_len;
>> +
>> + if (unlikely(!backend->asym_stat)) {
>> + error_report("cryptodev: Unexpected asym operation");
>> + return -VIRTIO_CRYPTO_NOTSUPP;
>> + }
>> switch (op_info->op_code) {
>> case VIRTIO_CRYPTO_AKCIPHER_ENCRYPT:
>> CryptodevAsymStatIncEncrypt(backend, len);
>> @@ -210,6 +215,11 @@ static int cryptodev_backend_account(CryptoDevBackend *backend,
>> } else if (algtype == QCRYPTODEV_BACKEND_ALG_SYM) {
>> CryptoDevBackendSymOpInfo *sym_op_info = op_info->u.sym_op_info;
>> len = sym_op_info->src_len;
>> +
>> + if (unlikely(!backend->sym_stat)) {
>> + error_report("cryptodev: Unexpected sym operation");
>> + return -VIRTIO_CRYPTO_NOTSUPP;
>> + }
>> switch (op_info->op_code) {
>> case VIRTIO_CRYPTO_CIPHER_ENCRYPT:
>> CryptodevSymStatIncEncrypt(backend, len);
>> --
>> 2.34.1
>>
>
> Reviewed-by: Lei He <helei.sig11@bytedance.com>
>
>
> Best regards,
> Lei He
> --
> helei.sig11@bytedance.com
>
>
>
--
zhenwei pi
© 2016 - 2024 Red Hat, Inc.