crypto/virtio: fix out of bounds access bug

Message ID (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series crypto/virtio: fix out of bounds access bug |


Context Check Description
ci/checkpatch warning coding style issues
ci/Intel-compilation success Compilation OK
ci/github-robot: build success github build: passed
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-aarch64-compile-testing success Testing PASS
ci/intel-Testing success Testing PASS

Commit Message

Brian Dooley Feb. 21, 2022, 6:05 p.m. UTC
  Coverity flags an untrusted loop bound. Check length of session iv.

Coverity issue: 375802

Fixes: b063e843fa03 ("crypto/virtio: fix IV physical address")

Signed-off-by: Brian Dooley <>
 drivers/crypto/virtio/virtio_rxtx.c | 3 +++
 1 file changed, 3 insertions(+)


diff --git a/drivers/crypto/virtio/virtio_rxtx.c b/drivers/crypto/virtio/virtio_rxtx.c
index a65524a306..f3f2e75c00 100644
--- a/drivers/crypto/virtio/virtio_rxtx.c
+++ b/drivers/crypto/virtio/virtio_rxtx.c
@@ -264,6 +264,9 @@  virtqueue_crypto_sym_enqueue_xmit(
 		if (cop->phys_addr)
 			desc[idx].addr = cop->phys_addr + session->iv.offset;
 		else {
+			if (VIRTIO_CRYPTO_MAX_IV_SIZE < session->iv.length)
+				return -ENOMEM;
 					uint8_t *, session->iv.offset),