From: zhenwei pi <zhenwei.pi@linux.dev>
To: qemu-devel@nongnu.org
Cc: mst@redhat.com, arei.gonglei@huawei.com,
nakamurajames123@gmail.com, qemu-security@nongnu.org,
mcascell@redhat.com, zhenwei pi <zhenwei.pi@linux.dev>
Subject: [PATCH 2/2] cryptodev-builtin: Limit the maximum size
Date: Sun, 14 Dec 2025 17:09:39 +0800 [thread overview]
Message-ID: <20251214090939.408436-3-zhenwei.pi@linux.dev> (raw)
In-Reply-To: <20251214090939.408436-1-zhenwei.pi@linux.dev>
This backend driver is used for demonstration purposes only, unlimited
size leads QEMU OOM.
Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
Reported-by: AM 이재영 <nakamurajames123@gmail.com>
Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
---
backends/cryptodev-builtin.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 0414c01e06..55a3fbd27b 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
#define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512
#define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64
+/* demonstration purposes only, use a limited size to avoid QEMU OOM */
+#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE (1024 * 1024)
struct CryptoDevBackendBuiltin {
CryptoDevBackend parent_obj;
@@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
- /*
- * Set the Maximum length of crypto request.
- * Why this value? Just avoid to overflow when
- * memory allocation for each crypto request.
- */
- backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
+ backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
cryptodev_builtin_init_akcipher(backend);
--
2.43.0
prev parent reply other threads:[~2025-12-14 15:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-14 9:09 [PATCH 0/2] Avoid QEMU OOM on huge request from guest zhenwei pi
2025-12-14 9:09 ` [PATCH 1/2] hw/virtio/virtio-crypto: verify asym request size zhenwei pi
2025-12-18 10:43 ` Mauro Matteo Cascella
2025-12-19 0:24 ` zhenwei pi
2025-12-20 17:45 ` Michael Tokarev
2025-12-14 9:09 ` zhenwei pi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251214090939.408436-3-zhenwei.pi@linux.dev \
--to=zhenwei.pi@linux.dev \
--cc=arei.gonglei@huawei.com \
--cc=mcascell@redhat.com \
--cc=mst@redhat.com \
--cc=nakamurajames123@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-security@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.