| Message ID | 20231017202505.340906-10-rick.p.edgecombe@intel.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show
Return-Path: <owner-linux-mm@kvack.org> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19982CDB483 for <linux-mm@archiver.kernel.org>; Tue, 17 Oct 2023 20:25:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B6C4A8006F; Tue, 17 Oct 2023 16:25:40 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AF5DB8006D; Tue, 17 Oct 2023 16:25:40 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8AD2B8006F; Tue, 17 Oct 2023 16:25:40 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 6FB4D8006D for <linux-mm@kvack.org>; Tue, 17 Oct 2023 16:25:40 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 40BA9140E6A for <linux-mm@kvack.org>; Tue, 17 Oct 2023 20:25:40 +0000 (UTC) X-FDA: 81356084040.10.3CFA5AF Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7]) by imf21.hostedemail.com (Postfix) with ESMTP id 2F3A81C0021 for <linux-mm@kvack.org>; Tue, 17 Oct 2023 20:25:38 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=YXuEGd1Y; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf21.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.198.163.7 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697574338; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=52JQEUV6G5oXutFcAibbYbDTdVZXn8Kx/7l2gelzDac=; b=z3eCWrwZ92DEi9E2CNZJhkUsHhhrXpJxXo0APOCJnORQMJy65HEFHNGFxiVcW/CnHDY9+Q 0o0BMu623tF1psXNojXs/MNVqQWFQenZC00giE8kEa1pefKwm3U77rqBClVzODvR1p3RLx fKyXDySET5hqmnuhN5UhhERtjf4m1EA= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=YXuEGd1Y; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf21.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.198.163.7 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697574338; a=rsa-sha256; cv=none; b=lsi3UuQJkrqUFXs8VAq/AGkbgLBjguQ/N8avPdwTE52smvy33AuBH3DR3zCALzBmfZ12v3 Igge8upFrsCerWI2Nu8PZplexcynZvMrJBrpef4hjTUPBwB2gpX7N6V+9a/J4/GK1RDfKY Sg/wbnL+h0VGfmQMbsMZluxgHrTSyGg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1697574338; x=1729110338; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=n7cfqZUhm+mNRuq80sD29C7/lYhruGMsgMoNg518Mk8=; b=YXuEGd1YuuA8OqolNFitTWvyC72DXCtDVrq4iC64qSq0H+WUXbWwob+q moFldGrUAkrqIsmMoMBrwZ6+cuYbWgJb5SdNWl1xgaz271bELU9leP1Ew xzjHZB5UBcLRhfA3PLkJz1TK4OaCFuGBDJeRzpeRCuibVL7Jf3clrDbTy mNqR85YNWgSggizAPJxn3LEW2iBDTt1tJg/EpOSRWV1fSyhnn8uv4TGKX z2snsrvYHjwgkdn6EsgEwlC3CYsavy99A7Qulh4pyuiTTo9VxKiittR0C muzvRKkUiEFuZ0p6cHvGUTg99J7FnvevMoN32XQfR/dDcVVhpZOGCrPtu A==; X-IronPort-AV: E=McAfee;i="6600,9927,10866"; a="7429597" X-IronPort-AV: E=Sophos;i="6.03,233,1694761200"; d="scan'208";a="7429597" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Oct 2023 13:25:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10866"; a="900040475" X-IronPort-AV: E=Sophos;i="6.03,233,1694761200"; d="scan'208";a="900040475" Received: from rtdinh-mobl1.amr.corp.intel.com (HELO rpedgeco-desk4.intel.com) ([10.212.150.155]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Oct 2023 13:23:34 -0700 From: Rick Edgecombe <rick.p.edgecombe@intel.com> To: x86@kernel.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, luto@kernel.org, peterz@infradead.org, kirill.shutemov@linux.intel.com, elena.reshetova@intel.com, isaku.yamahata@intel.com, seanjc@google.com, Michael Kelley <mikelley@microsoft.com>, thomas.lendacky@amd.com, decui@microsoft.com, sathyanarayanan.kuppuswamy@linux.intel.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org Cc: rick.p.edgecombe@intel.com, "K. Y. Srinivasan" <kys@microsoft.com>, Haiyang Zhang <haiyangz@microsoft.com>, Wei Liu <wei.liu@kernel.org>, linux-hyperv@vger.kernel.org Subject: [RFC 09/10] hv_nstvsc: Don't free decrypted memory Date: Tue, 17 Oct 2023 13:25:04 -0700 Message-Id: <20231017202505.340906-10-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231017202505.340906-1-rick.p.edgecombe@intel.com> References: <20231017202505.340906-1-rick.p.edgecombe@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 2F3A81C0021 X-Stat-Signature: 3eu7cpybka1pjr5jhbe1113jgabcjhnn X-HE-Tag: 1697574338-282644 X-HE-Meta: U2FsdGVkX19USR55xRwipD3loo7gzYiDgWj62/ddMj4AMtfSeOJHcbsXQ8rnkB9IJpYajLpCFCaPosfEiL77GZ4CpEPS6057Gd9mTKWxQHrsPyE7WrdcTcm1Ipt1IyMkvV35YxTohSoZwyBFQCWUmbu+pzkVNrso9IxF7iH1+dpKlZDBJRD9Uf05+oo1UFZceau6HK+OezwOY9gFtFUai+K5Ie42G9c8WhblNHORvpNjAzdSpJzFPucYXBnbpGY88xUX6z+ajlE7ohfc+niL9NE699mzn2QyNUyX4JxKjQwytbziejag+xbHODOQoLm/ZuMLnYl5hkivVTpU/PBD25K1cdUX7MeTPh9Q+RognRIJ50r4GDsMGMa0JquYwvRH+O6IHiUcotGLsXLiGB9A7EvFyX/Ccp6hcEHywpdu2NeotS/2Yq1bIfdqkPqBINaVbbC+ZALE1DrxM41TXz2gUfZMsJTn5KBnTbGEIPwgpXJhMkPJ9HAHJWJdkEw9Yx2v1/7Z/J58YWOFtyxBBCufjhs/GQnrpny6jnICQRxJb5TUVHNG7y/8fVRruPvMQBpnrdEzqhGEIWWNSpd7BtVTwkmOn8X9+yTr5TUfYNEv5QQdvImv3H1DCBGdiuDJ0myW1oLe7VZ5Q8Yd2okiwJv4ZZ6WT8HRfpDSKSrS5jfzxrtHs5EC/19SMPtM3bRWZg1sOmb+BxONuH2tqG4XuDZQthWfB0FP1N04+W4U5PZvXNToDWB430m56cRU4W3je5lrVvh0MQdU4dWA/tV7gUbRdTi27KuhGcDcztBixCRNnr4Wn1aWFgXxHhPkIq4shAt5Or2S3HL9ouiRqlZEmKck32YsWIZeaF1Sxl8n4me35n0GmSs9BR2ZmycXJTkYcqKCOZ1OQwmXKYLfKWvi5RCMEsksSFVMPx0G83ObJXNNJyllByDzjd9e7SwKXDQqo3HX5GLuRHVCYNaz7eCzhMQ ldGsFt8s +D3c2DAUyBU4O/sEGPe/tGx8hWFsl0RaBm6q0Ib8xtqqFEhBMsaMS+Ka+AvfB59fsgy3muoJJDHg8QDEr1PYWe/SOr3LuFIuVW/N5YzPQxA3uEhbzg0GsNk/FycX82hak7dxt9Py1an32CFAygNfDCPfPoPKySzmNIrZ9B3YlX9EC7LFaKLnK6QVBzMcpbxo6NWA4jWaa1bXxUarEePGx+o9rPfQddDMVHZiBOqV0X16pU66nvKjXfFeiGsFFoiCE8PPFr+a1KLsrDDw942NVSoCRudge4LSFdS4Y X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: <linux-mm.kvack.org> |
| Series |
Handle set_memory_XXcrypted() errors
|
expand
|
diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index 82e9796c8f5e..70b7f91fb96b 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c @@ -154,8 +154,11 @@ static void free_netvsc_device(struct rcu_head *head) int i; kfree(nvdev->extension); - vfree(nvdev->recv_buf); - vfree(nvdev->send_buf); + + if (!nvdev->recv_buf_gpadl_handle.decrypted) + vfree(nvdev->recv_buf); + if (!nvdev->send_buf_gpadl_handle.decrypted) + vfree(nvdev->send_buf); bitmap_free(nvdev->send_section_map); for (i = 0; i < VRSS_CHANNEL_MAX; i++) {
On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. hv_nstvsc could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl before freeing in order to not leak the memory. Only compile tested. Cc: "K. Y. Srinivasan" <kys@microsoft.com> Cc: Haiyang Zhang <haiyangz@microsoft.com> Cc: Wei Liu <wei.liu@kernel.org> Cc: Dexuan Cui <decui@microsoft.com> Cc: linux-hyperv@vger.kernel.org Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> --- drivers/net/hyperv/netvsc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)