[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] backends: cryptodev: fix oob access issue
From: |
Gonglei (Arei) |
Subject: |
Re: [Qemu-devel] [PATCH] backends: cryptodev: fix oob access issue |
Date: |
Mon, 18 Mar 2019 01:33:46 +0000 |
Hi Michael,
Could you pls apply this patch in your tree?
Thanks,
-Gonglei
> -----Original Message-----
> From: Li Qiang [mailto:address@hidden
> Sent: Monday, March 18, 2019 9:12 AM
> To: Gonglei (Arei) <address@hidden>
> Cc: address@hidden; Li Qiang <address@hidden>
> Subject: [PATCH] backends: cryptodev: fix oob access issue
>
> The 'queue_index' of create/close_session function
> is from guest and can be exceed 'MAX_CRYPTO_QUEUE_NUM'.
> This leads oob access. This patch avoid this.
>
> Signed-off-by: Li Qiang <address@hidden>
> ---
> backends/cryptodev-builtin.c | 4 ++++
> backends/cryptodev-vhost-user.c | 4 ++++
> 2 files changed, 8 insertions(+)
>
Reviewed-by: Gonglei <address@hidden>
> diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
> index 9fb0bd57a6..c3a65b2f5f 100644
> --- a/backends/cryptodev-builtin.c
> +++ b/backends/cryptodev-builtin.c
> @@ -249,6 +249,8 @@ static int64_t cryptodev_builtin_sym_create_session(
> CryptoDevBackendSymSessionInfo *sess_info,
> uint32_t queue_index, Error **errp)
> {
> + assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
> CryptoDevBackendBuiltin *builtin =
> CRYPTODEV_BACKEND_BUILTIN(backend);
> int64_t session_id = -1;
> @@ -280,6 +282,8 @@ static int cryptodev_builtin_sym_close_session(
> uint64_t session_id,
> uint32_t queue_index, Error **errp)
> {
> + assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
> CryptoDevBackendBuiltin *builtin =
> CRYPTODEV_BACKEND_BUILTIN(backend);
>
> diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
> index 1052a5d0e9..36a40eeb4d 100644
> --- a/backends/cryptodev-vhost-user.c
> +++ b/backends/cryptodev-vhost-user.c
> @@ -236,6 +236,8 @@ static int64_t
> cryptodev_vhost_user_sym_create_session(
> CryptoDevBackendSymSessionInfo *sess_info,
> uint32_t queue_index, Error **errp)
> {
> + assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
> CryptoDevBackendClient *cc =
> backend->conf.peers.ccs[queue_index];
> CryptoDevBackendVhost *vhost_crypto;
> @@ -262,6 +264,8 @@ static int cryptodev_vhost_user_sym_close_session(
> uint64_t session_id,
> uint32_t queue_index, Error **errp)
> {
> + assert(queue_index < MAX_CRYPTO_QUEUE_NUM);
> +
> CryptoDevBackendClient *cc =
> backend->conf.peers.ccs[queue_index];
> CryptoDevBackendVhost *vhost_crypto;
> --
> 2.17.1
>