> +static CryptoDevBackendSymOpInfo *
> +virtio_crypto_sym_op_helper(VirtIODevice *vdev,
> + struct virtio_crypto_cipher_para *cipher_para,
> + struct virtio_crypto_alg_chain_data_para *alg_chain_para,
> + struct iovec *iov, unsigned int out_num)
> +{
> + CryptoDevBackendSymOpInfo *op_info;
> + uint32_t src_len = 0, dst_len = 0;
> + uint32_t iv_len = 0;
> + uint32_t aad_len = 0, hash_result_len = 0;
> + uint32_t hash_start_src_offset = 0, len_to_hash = 0;
> + uint32_t cipher_start_src_offset = 0, len_to_cipher = 0;
> +
> + size_t max_len, curr_size = 0;
> + size_t s;
> +
> + /* Plain cipher */
> + if (cipher_para) {
> + iv_len = virtio_ldl_p(vdev, &cipher_para->iv_len);
> + src_len = virtio_ldl_p(vdev, &cipher_para->src_data_len);
> + dst_len = virtio_ldl_p(vdev, &cipher_para->dst_data_len);
> + } else if (alg_chain_para) { /* Algorithm chain */
> + iv_len = virtio_ldl_p(vdev, &alg_chain_para->iv_len);
> + src_len = virtio_ldl_p(vdev, &alg_chain_para->src_data_len);
> + dst_len = virtio_ldl_p(vdev, &alg_chain_para->dst_data_len);
> +
> + aad_len = virtio_ldl_p(vdev, &alg_chain_para->aad_len);
> + hash_result_len = virtio_ldl_p(vdev,
> + &alg_chain_para->hash_result_len);
> + hash_start_src_offset = virtio_ldl_p(vdev,
> + &alg_chain_para->hash_start_src_offset);
> + cipher_start_src_offset = virtio_ldl_p(vdev,
> + &alg_chain_para->cipher_start_src_offset);
> + len_to_cipher = virtio_ldl_p(vdev, &alg_chain_para->len_to_cipher);
> + len_to_hash = virtio_ldl_p(vdev, &alg_chain_para->len_to_hash);
> + } else {
> + return NULL;
> + }
> +
> + max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;
> + if (max_len == LONG_MAX - sizeof(CryptoDevBackendSymOpInfo)) {
> + virtio_error(vdev, "virtio-crypto too big length");
> + return NULL;
> + }
> +
The check should be:
if (unlikely(max_len > LONG_MAX - sizeof(CryptoDevBackendSymOpInfo))) { virtio_error(vdev, "virtio-crypto too big length"); return NULL; } Regards, -Gonglei
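Review bot: The sum on the `max_len = iv_len + aad_len + src_len + dst_len + hash_result_len;` line is evaluated in 32-bit unsigned arithmetic, because all five operands are `uint32_t`, so it wraps before it is widened to `size_t` and the length check that follows only ever sees the truncated value. The lengths are loaded from the request parameter structs with `virtio_ldl_p()` and are presumably guest-supplied, so on a 64-bit host the wrapped sum can never approach `LONG_MAX` and a request with very large individual lengths can pass with a small `max_len`. Widen before adding, e.g. `uint64_t max_len = (uint64_t)iv_len + aad_len + src_len + dst_len + hash_result_len;`, and compare the result against an explicit per-request size limit for the device rather than `LONG_MAX`. The function body continues past the quoted hunk, so how `max_len` sizes the `op_info` allocation and bounds the later copies is not visible here; those uses should be checked against the individual lengths as well.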