From patchwork Thu Apr 18 20:02:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Michael Tokarev <mjt@tls.msk.ru>
X-Patchwork-Id: 789858
Delivered-To: patch@linaro.org
Received: by 2002:adf:e6ca:0:b0:346:15ad:a2a with SMTP id y10csp747558wrm;
 Thu, 18 Apr 2024 13:04:20 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUjM885Zkp8UsDTScOHmp1kwqVRjQY/wLnWf/9/Tah1iSgKQ+6JcXu6FE3g25K3rq7h1WIHTUfpLGPs+CQhhqfY
X-Google-Smtp-Source: AGHT+IGZIGoSAM64dmVMNJ+gBTaHyiIGlCKYAXvK1oeksWRrC5Zv+/9F+cCdzt9LgMinyNhHhahX
X-Received: by 2002:a67:f3c3:0:b0:47b:b7ac:1733 with SMTP id
 j3-20020a67f3c3000000b0047bb7ac1733mr23697vsn.1.1713470660726;
 Thu, 18 Apr 2024 13:04:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1713470660; cv=none;
 d=google.com; s=arc-20160816;
 b=hLBW0TL0aZkKhaO9fxSxDFDUgNSsEG75HnV9RyKRt8qsOVrWW/9IxOGAySKTDCROjX
 SihkaQEg89HxIQyFs9T3oWlIe0h8laqUDs10BbDfVnXBdVwo+dV9oBb+V59tEJJcnHXp
 SAryHywXZOZBFUng7b11CkxF+tgb54/SdoBjnqLKGua3LntGcPCG0yJ68E7iMytwhGf2
 loeTapp4KMawckVDATxo5d86cwG3kAVovQrMjtPXWS1f/EXoNlj5B/PsJiPEmWxIuECr
 I/VBDMinKkeQqJcQXDbNYB4ghfjGuuJ+vzk6eEVtPKyDQZQlBShKIRbpI+5Cuu8GwGSN
 Diug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:cc:to
 :from; bh=YPzkY6tlXuarV1+AgE4dUlu+ou5WZCQG6UdI/auKwn4=;
 fh=kcvrXg0b8ORyB3OpqOAjaCjQlgwib6p5RTCo7Fn5FsQ=;
 b=Q/tfYexxfoPAU6A/bKb3bjW+0/9iSTORQhcl0PEdCh9t8gyT/J7IuyLtRCVMv1A1od
 S9nrtvZIF+Y1Tg5Zt5x6pw3LAugGr861bFQZ2dYnX3CXTT6VUcnSF2oxNdCozZ1a49Aw
 t0qXsLHD7trKw5MKXsDuag8iGTtf3W/SMHYDb/GW01h3eg10jXgVUCACC0hupLtwEal/
 rYFMT2ZoKaLWRRugFIuIXAG4MDnOl+W++m12CF0yQjquJtADHUoCCHfiGmpQykxgupFo
 Buc3dpzU2s+hnmWWSiz9di5n2E98VM9NzPj3GoDofkKjiHJu79rTYQ67Be2QRKvmxfJN
 9rhQ==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 o17-20020a056102345100b00476c54668e7si397703vsj.551.2024.04.18.13.04.20
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 18 Apr 2024 13:04:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1rxXyY-0001jW-Pq; Thu, 18 Apr 2024 16:03:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1rxXyG-0001ac-DD; Thu, 18 Apr 2024 16:03:05 -0400
Received: from isrv.corpit.ru ([86.62.121.231])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjt@tls.msk.ru>)
 id 1rxXyD-0005PR-6K; Thu, 18 Apr 2024 16:03:00 -0400
Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2])
 by isrv.corpit.ru (Postfix) with ESMTP id 079295FE14;
 Thu, 18 Apr 2024 23:02:28 +0300 (MSK)
Received: from tls.msk.ru (mjt.wg.tls.msk.ru [192.168.177.130])
 by tsrv.corpit.ru (Postfix) with SMTP id 67541B93FA;
 Thu, 18 Apr 2024 23:02:25 +0300 (MSK)
Received: (nullmailer pid 952875 invoked by uid 1000);
 Thu, 18 Apr 2024 20:02:24 -0000
From: Michael Tokarev <mjt@tls.msk.ru>
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org,
 =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Zheyu Ma <zheyuma97@gmail.com>, zhenwei pi <pizhenwei@bytedance.com>,
 Michael Tokarev <mjt@tls.msk.ru>
Subject: [Stable-7.2.11 53/59] backends/cryptodev: Do not abort for invalid
 session ID
Date: Thu, 18 Apr 2024 23:02:13 +0300
Message-Id: <20240418200224.952785-12-mjt@tls.msk.ru>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <qemu-stable-7.2.11-20240418230159@cover.tls.msk.ru>
References: <qemu-stable-7.2.11-20240418230159@cover.tls.msk.ru>
MIME-Version: 1.0
Received-SPF: pass client-ip=86.62.121.231; envelope-from=mjt@tls.msk.ru;
 helo=isrv.corpit.ru
X-Spam_score_int: -68
X-Spam_score: -6.9
X-Spam_bar: ------
X-Spam_report: (-6.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Instead of aborting when a session ID is invalid,
return VIRTIO_CRYPTO_INVSESS ("Invalid session id").

Reproduced using:

  $ cat << EOF | qemu-system-i386 -display none \
     -machine q35,accel=qtest -m 512M -nodefaults \
     -object cryptodev-backend-builtin,id=cryptodev0 \
     -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
     -qtest stdio
  outl 0xcf8 0x80000804
  outw 0xcfc 0x06
  outl 0xcf8 0x80000820
  outl 0xcfc 0xe0008000
  write 0x10800e 0x1 0x01
  write 0xe0008016 0x1 0x01
  write 0xe0008020 0x4 0x00801000
  write 0xe0008028 0x4 0x00c01000
  write 0xe000801c 0x1 0x01
  write 0x110000 0x1 0x05
  write 0x110001 0x1 0x04
  write 0x108002 0x1 0x11
  write 0x108008 0x1 0x48
  write 0x10800c 0x1 0x01
  write 0x108018 0x1 0x10
  write 0x10801c 0x1 0x02
  write 0x10c002 0x1 0x01
  write 0xe000b005 0x1 0x00
  EOF
  Assertion failed: (session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]),
  function cryptodev_builtin_close_session, file cryptodev-builtin.c, line 430.

Cc: qemu-stable@nongnu.org
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2274
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20240409094757.9127-1-philmd@linaro.org>
(cherry picked from commit eaf2bd29538d039df80bb4b1584de33a61312bc6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index cda6ca3b71..2e792be756 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -416,7 +416,9 @@ static int cryptodev_builtin_close_session(
                       CRYPTODEV_BACKEND_BUILTIN(backend);
     CryptoDevBackendBuiltinSession *session;
 
-    assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]);
+    if (session_id >= MAX_NUM_SESSIONS || !builtin->sessions[session_id]) {
+        return -VIRTIO_CRYPTO_INVSESS;
+    }
 
     session = builtin->sessions[session_id];
     if (session->cipher) {