RE: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size

Sun, 21 Dec 2025 17:31:34 -0800 

Hi,

> -----Original Message-----
> From: zhenwei pi <[email protected]>
> Sent: Sunday, December 21, 2025 10:43 AM
> To: [email protected]
> Cc: [email protected]; Gonglei (Arei) <[email protected]>;
> [email protected]; [email protected]; zhenwei pi
> <[email protected]>; zhenwei pi <[email protected]>
> Subject: [PATCH v2 2/2] cryptodev-builtin: Limit the maximum size
> 
> From: zhenwei pi <[email protected]>
> 
> This backend driver is used for demonstration purposes only, unlimited size 
> leads
> QEMU OOM.
> 
> Fixes: CVE-2025-14876

Actually, I don't think this fix has anything to do with the CVE. You can 
consider it an improvement.

> Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend")
> Reported-by: 이재영 <[email protected]>
> Signed-off-by: zhenwei pi <[email protected]>
> ---
>  backends/cryptodev-builtin.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index
> 0414c01e06..55a3fbd27b 100644
> --- a/backends/cryptodev-builtin.c
> +++ b/backends/cryptodev-builtin.c
> @@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession {
> 
>  #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN    512
>  #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN  64
> +/* demonstration purposes only, use a limited size to avoid QEMU OOM */
> +#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE  (1024 * 1024)
> 
>  struct CryptoDevBackendBuiltin {
>      CryptoDevBackend parent_obj;
> @@ -98,12 +100,7 @@ static void cryptodev_builtin_init(
>                           1u <<
> QCRYPTODEV_BACKEND_SERVICE_TYPE_MAC;
>      backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
>      backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
> -    /*
> -     * Set the Maximum length of crypto request.
> -     * Why this value? Just avoid to overflow when
> -     * memory allocation for each crypto request.
> -     */
> -    backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo);
> +    backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE;
>      backend->conf.max_cipher_key_len =
> CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN;
>      backend->conf.max_auth_key_len =
> CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN;
>      cryptodev_builtin_init_akcipher(backend);
> --
> 2.43.0

Reply via email to