From patchwork Thu Apr 18 17:49:35 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 789809
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Philippe Mathieu-Daudé, Zheyu Ma, zhenwei pi, Michael Tokarev
Subject: [Stable-8.2.3 105/116] backends/cryptodev: Do not abort for invalid session ID
Date: Thu, 18 Apr 2024 20:49:35 +0300
Message-Id: <20240418174955.947730-18-mjt@tls.msk.ru>

From: Philippe Mathieu-Daudé

Instead of aborting when a session ID is invalid,
return VIRTIO_CRYPTO_INVSESS ("Invalid session id").

Reproduced using:

  $ cat << EOF | qemu-system-i386 -display none \
     -machine q35,accel=qtest -m 512M -nodefaults \
     -object cryptodev-backend-builtin,id=cryptodev0 \
     -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
     -qtest stdio
  outl 0xcf8 0x80000804
  outw 0xcfc 0x06
  outl 0xcf8 0x80000820
  outl 0xcfc 0xe0008000
  write 0x10800e 0x1 0x01
  write 0xe0008016 0x1 0x01
  write 0xe0008020 0x4 0x00801000
  write 0xe0008028 0x4 0x00c01000
  write 0xe000801c 0x1 0x01
  write 0x110000 0x1 0x05
  write 0x110001 0x1 0x04
  write 0x108002 0x1 0x11
  write 0x108008 0x1 0x48
  write 0x10800c 0x1 0x01
  write 0x108018 0x1 0x10
  write 0x10801c 0x1 0x02
  write 0x10c002 0x1 0x01
  write 0xe000b005 0x1 0x00
  EOF
  Assertion failed: (session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]), function cryptodev_builtin_close_session, file cryptodev-builtin.c, line 430.

Cc: qemu-stable@nongnu.org
Reported-by: Zheyu Ma
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2274
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: zhenwei pi
Message-Id: <20240409094757.9127-1-philmd@linaro.org>
(cherry picked from commit eaf2bd29538d039df80bb4b1584de33a61312bc6)
Signed-off-by: Michael Tokarev

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c index 39d0455280..a514bbb310 100644 --- a/backends/cryptodev-builtin.c +++ b/backends/cryptodev-builtin.c @@ -427,7 +427,9 @@ static int cryptodev_builtin_close_session( CRYPTODEV_BACKEND_BUILTIN(backend); CryptoDevBackendBuiltinSession *session; - assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); + if (session_id >= MAX_NUM_SESSIONS || !builtin->sessions[session_id]) { + return -VIRTIO_CRYPTO_INVSESS; + } session = builtin->sessions[session_id]; if (session->cipher) {
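Review bot: the new early return in cryptodev_builtin_close_session() rejects a bad session_id without leaving any trace on the host, so a guest that keeps closing invalid sessions goes unnoticed; consider a qemu_log_mask(LOG_GUEST_ERROR, ...) line or a trace event just before `return -VIRTIO_CRYPTO_INVSESS;`. The `session_id >= MAX_NUM_SESSIONS` test bounds the index from above only, which is sufficient if session_id is an unsigned type; the parameter declaration is outside this hunk, so that is worth confirming. The reproducer in the commit message is not added as a qtest case in this patch, and turning it into one would guard against the assert being reintroduced.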