From: "Gonglei (Arei)" <arei.gonglei@huawei.com>
To: zhenwei pi <zhenwei.pi@linux.dev>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Cc: "mst@redhat.com" <mst@redhat.com>,
"mcascell@redhat.com" <mcascell@redhat.com>,
"nakamurajames123@gmail.com" <nakamurajames123@gmail.com>,
zhenwei pi <pizhenwei@tensorfer.com>
Subject: RE: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size
Date: Mon, 22 Dec 2025 01:29:54 +0000 [thread overview]
Message-ID: <60bb168c3ffb4eaba31c7699750c9625@huawei.com> (raw)
In-Reply-To: <20251221024321.143196-3-zhenwei.pi@linux.dev>
Hi,
> -----Original Message-----
> From: zhenwei pi <zhenwei.pi@linux.dev>
> Sent: Sunday, December 21, 2025 10:43 AM
> To: qemu-devel@nongnu.org
> Cc: mst@redhat.com; Gonglei (Arei) <arei.gonglei@huawei.com>;
> mcascell@redhat.com; nakamurajames123@gmail.com; zhenwei pi
> <pizhenwei@tensorfer.com>; zhenwei pi <zhenwei.pi@linux.dev>
> Subject: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size
>
> From: zhenwei pi <pizhenwei@tensorfer.com>
>
> This backend driver is used for demonstration purposes only, unlimited size leads
> QEMU OOM.
>
> Fixes: CVE-2025-14876
Actually, I don't think this fix has anything to do with the CVE. You can consider it an improvement.
> Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
> Reported-by: 이재영 <nakamurajames123@gmail.com>
> Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
> ---
> backends/cryptodev-builtin.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index
> 0414c01e06..55a3fbd27b 100644
> --- a/backends/cryptodev-builtin.c
> +++ b/backends/cryptodev-builtin.c
> @@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
>
> #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512
> #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64
> +/* demonstration purposes only, use a limited size to avoid QEMU OOM */
> +#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE (1024 * 1024)
>
> struct CryptoDevBackendBuiltin {
> CryptoDevBackend parent_obj;
> @@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
> 1u <<
> QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
> backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
> backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
> - /*
> - * Set the Maximum length of crypto request.
> - * Why this value? Just avoid to overflow when
> - * memory allocation for each crypto request.
> - */
> - backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
> + backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
> backend->conf.max_cipher_key_len =
> CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
> backend->conf.max_auth_key_len =
> CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
> cryptodev_builtin_init_akcipher(backend);
> --
> 2.43.0
next prev parent reply other threads:[~2025-12-22 1:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-21 2:43 [PATCH v2 0/2] Avoid QEMU OOM on huge request from guest zhenwei pi
2025-12-21 2:43 ` [PATCH v2 1/2] hw/virtio/virtio-crypto: verify asym request size zhenwei pi
2025-12-21 2:43 ` [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size zhenwei pi
2025-12-22 1:29 ` Gonglei (Arei) [this message]
2025-12-22 9:06 ` zhenwei pi
2026-02-05 21:48 ` [PATCH v2 0/2] Avoid QEMU OOM on huge request from guest Michael Tokarev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=60bb168c3ffb4eaba31c7699750c9625@huawei.com \
--to=arei.gonglei@huawei.com \
--cc=mcascell@redhat.com \
--cc=mst@redhat.com \
--cc=nakamurajames123@gmail.com \
--cc=pizhenwei@tensorfer.com \
--cc=qemu-devel@nongnu.org \
--cc=zhenwei.pi@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.