Re: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size

All of lore.kernel.org
 help / color / mirror / Atom feed

From: zhenwei pi <zhenwei.pi@linux.dev>
To: "Gonglei (Arei)" <arei.gonglei@huawei.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Cc: "mst@redhat.com" <mst@redhat.com>,
	"mcascell@redhat.com" <mcascell@redhat.com>,
	"nakamurajames123@gmail.com" <nakamurajames123@gmail.com>,
	zhenwei pi <pizhenwei@tensorfer.com>
Subject: Re: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size
Date: Mon, 22 Dec 2025 17:06:16 +0800	[thread overview]
Message-ID: <c29a39ec-20ec-4222-a6c8-9bd6c6cd6a03@linux.dev> (raw)
In-Reply-To: <60bb168c3ffb4eaba31c7699750c9625@huawei.com>


On 12/22/25 09:29, Gonglei (Arei) wrote:
> Hi,
> 
>> -----Original Message-----
>> From: zhenwei pi <zhenwei.pi@linux.dev>
>> Sent: Sunday, December 21, 2025 10:43 AM
>> To: qemu-devel@nongnu.org
>> Cc: mst@redhat.com; Gonglei (Arei) <arei.gonglei@huawei.com>;
>> mcascell@redhat.com; nakamurajames123@gmail.com; zhenwei pi
>> <pizhenwei@tensorfer.com>; zhenwei pi <zhenwei.pi@linux.dev>
>> Subject: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size
>>
>> From: zhenwei pi <pizhenwei@tensorfer.com>
>>
>> This backend driver is used for demonstration purposes only, unlimited size leads
>> QEMU OOM.
>>
>> Fixes: CVE-2025-14876
> 
> Actually, I don't think this fix has anything to do with the CVE. You can consider it an improvement.
> 

The original size is almost LONG_MAX, it does not limit memory usage of 
QEMU. So I used to think it was also a part of this CVE.

I also have no objection to removing this tag from here.

>> Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
>> Reported-by: 이재영 <nakamurajames123@gmail.com>
>> Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
>> ---
>>   backends/cryptodev-builtin.c | 9 +++------
>>   1 file changed, 3 insertions(+), 6 deletions(-)
>>
>> diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index
>> 0414c01e06..55a3fbd27b 100644
>> --- a/backends/cryptodev-builtin.c
>> +++ b/backends/cryptodev-builtin.c
>> @@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
>>
>>   #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN    512
>>   #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN  64
>> +/* demonstration purposes only, use a limited size to avoid QEMU OOM */
>> +#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE  (1024 * 1024)
>>
>>   struct CryptoDevBackendBuiltin {
>>       CryptoDevBackend parent_obj;
>> @@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
>>                            1u <<
>> QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
>>       backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
>>       backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
>> -    /*
>> -     * Set the Maximum length of crypto request.
>> -     * Why this value? Just avoid to overflow when
>> -     * memory allocation for each crypto request.
>> -     */
>> -    backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
>> +    backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
>>       backend->conf.max_cipher_key_len =
>> CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
>>       backend->conf.max_auth_key_len =
>> CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
>>       cryptodev_builtin_init_akcipher(backend);
>> --
>> 2.43.0
>

next prev parent reply	other threads:[~2025-12-22  9:07 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-21  2:43 [PATCH v2 0/2] Avoid QEMU OOM on huge request from guest zhenwei pi
2025-12-21  2:43 ` [PATCH v2 1/2] hw/virtio/virtio-crypto: verify asym request size zhenwei pi
2025-12-21  2:43 ` [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size zhenwei pi
2025-12-22  1:29   ` Gonglei (Arei)
2025-12-22  9:06     ` zhenwei pi [this message]
2026-02-05 21:48 ` [PATCH v2 0/2] Avoid QEMU OOM on huge request from guest Michael Tokarev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c29a39ec-20ec-4222-a6c8-9bd6c6cd6a03@linux.dev \
    --to=zhenwei.pi@linux.dev \
    --cc=arei.gonglei@huawei.com \
    --cc=mcascell@redhat.com \
    --cc=mst@redhat.com \
    --cc=nakamurajames123@gmail.com \
    --cc=pizhenwei@tensorfer.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.