From patchwork Thu Apr 18 20:02:13 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 789858
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Philippe Mathieu-Daudé, Zheyu Ma, zhenwei pi, Michael Tokarev
Subject: [Stable-7.2.11 53/59] backends/cryptodev: Do not abort for invalid session ID
Date: Thu, 18 Apr 2024 23:02:13 +0300
Message-Id: <20240418200224.952785-12-mjt@tls.msk.ru>

From: Philippe Mathieu-Daudé

Instead of aborting when a session ID is invalid,
return VIRTIO_CRYPTO_INVSESS ("Invalid session id").

Reproduced using:

  $ cat << EOF | qemu-system-i386 -display none \
     -machine q35,accel=qtest -m 512M -nodefaults \
     -object cryptodev-backend-builtin,id=cryptodev0 \
     -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
     -qtest stdio
  outl 0xcf8 0x80000804
  outw 0xcfc 0x06
  outl 0xcf8 0x80000820
  outl 0xcfc 0xe0008000
  write 0x10800e 0x1 0x01
  write 0xe0008016 0x1 0x01
  write 0xe0008020 0x4 0x00801000
  write 0xe0008028 0x4 0x00c01000
  write 0xe000801c 0x1 0x01
  write 0x110000 0x1 0x05
  write 0x110001 0x1 0x04
  write 0x108002 0x1 0x11
  write 0x108008 0x1 0x48
  write 0x10800c 0x1 0x01
  write 0x108018 0x1 0x10
  write 0x10801c 0x1 0x02
  write 0x10c002 0x1 0x01
  write 0xe000b005 0x1 0x00
  EOF
  Assertion failed: (session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]),
  function cryptodev_builtin_close_session, file cryptodev-builtin.c, line 430.

Cc: qemu-stable@nongnu.org
Reported-by: Zheyu Ma
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2274
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: zhenwei pi
Message-Id: <20240409094757.9127-1-philmd@linaro.org>
(cherry picked from commit eaf2bd29538d039df80bb4b1584de33a61312bc6)
Signed-off-by: Michael Tokarev

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index cda6ca3b71..2e792be756 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -416,7 +416,9 @@ static int cryptodev_builtin_close_session( CRYPTODEV_BACKEND_BUILTIN(backend); CryptoDevBackendBuiltinSession *session; - assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); + if (session_id >= MAX_NUM_SESSIONS || !builtin->sessions[session_id]) { + return -VIRTIO_CRYPTO_INVSESS; + } session = builtin->sessions[session_id]; if (session->cipher) {
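
Review bot: the new early return in cryptodev_builtin_close_session() comes without a regression test, although the commit message already contains a complete qtest reproducer; consider adding that sequence as a qtest case so the abort shown there cannot come back unnoticed. Two things are also worth confirming, since the hunk does not show them: that session_id is an unsigned type, so `session_id >= MAX_NUM_SESSIONS` alone bounds the index into builtin->sessions[], and that the caller passes the negative `-VIRTIO_CRYPTO_INVSESS` back to the guest as the request status rather than treating any non-zero return as fatal.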