From: zhenwei pi <zhenwei.pi@linux.dev>
To: qemu-devel@nongnu.org
Cc: mst@redhat.com, arei.gonglei@huawei.com,
nakamurajames123@gmail.com, qemu-security@nongnu.org,
mcascell@redhat.com, zhenwei pi <zhenwei.pi@linux.dev>
Subject: [PATCH 2/2] cryptodev-builtin: Limit the maximum size
Date: Sun, 14 Dec 2025 17:09:39 +0800 [thread overview]
Message-ID: <20251214090939.408436-3-zhenwei.pi@linux.dev> (raw)
In-Reply-To: <20251214090939.408436-1-zhenwei.pi@linux.dev>
This backend driver is used for demonstration purposes only, unlimited
size leads QEMU OOM.
Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
Reported-by: AM 이재영 <nakamurajames123@gmail.com>
Signed-off-by: zhenwei pi <zhenwei.pi@linux.dev>
---
backends/cryptodev-builtin.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 0414c01e06..55a3fbd27b 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
#define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512
#define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64
+/* demonstration purposes only, use a limited size to avoid QEMU OOM */
+#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE (1024 * 1024)
struct CryptoDevBackendBuiltin {
CryptoDevBackend parent_obj;
@@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
1u << QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
- /*
- * Set the Maximum length of crypto request.
- * Why this value? Just avoid to overflow when
- * memory allocation for each crypto request.
- */
- backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
+ backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
cryptodev_builtin_init_akcipher(backend);
--
2.43.0
prev parent reply other threads:[~2025-12-14 15:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-14 9:09 [PATCH 0/2] Avoid QEMU OOM on huge request from guest zhenwei pi
2025-12-14 9:09 ` [PATCH 1/2] hw/virtio/virtio-crypto: verify asym request size zhenwei pi
2025-12-14 9:09 ` zhenwei pi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251214090939.408436-3-zhenwei.pi@linux.dev \
--to=zhenwei.pi@linux.dev \
--cc=arei.gonglei@huawei.com \
--cc=mcascell@redhat.com \
--cc=mst@redhat.com \
--cc=nakamurajames123@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-security@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).