Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1845462iob;
        Thu, 19 May 2022 16:32:22 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzg4Byin7AX0tRUGraa4W8NPFHY/gXhq3mwlt37MwbUKQFcndcawNUxlauMY8zk2YAvS9A1
X-Received: by 2002:a05:6a00:2186:b0:4f7:5544:1cc9 with SMTP id h6-20020a056a00218600b004f755441cc9mr7173179pfi.62.1653003141969;
        Thu, 19 May 2022 16:32:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1653003141; cv=none;
        d=google.com; s=arc-20160816;
        b=Erd7c1UsCRKMyQ51tEGnCFro9FOULEEHQH/Ko4bdZC+SHwyDGOhH84XkJtzZyM5NSc
         wKyRdaDGAcxD45me7e0ebdzG860uJC6wYy/ZqauA3r6BhuKmfrFfNHR8ZI3Ij8Uo4q+a
         SGZTm5FRpSmhz59ViLOVbq9Orw1UCSeMwnV6mneXzpNRKUMOC54HKqB2I5gVPyWQLt7b
         BCTkv3ydL3RXk/rCX7v6YLxWcjbc5jYCf+RSLxjWXtRRr/9YCtfG5o3coYoYmzNAHmay
         5CpnVtCIvwWo0Xiw1PX5Y68fs+C7BeenYuBIpxdf64hVWi9dUEnBbK/H32UC2/kmBgyl
         geQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=21mvYV5KsNhLdpPcuH1GIlGrU0ZXZUibbxP2zX1vM6A=;
        b=E6i5NyB6vIe9KMP3h4nTmdjLG+7BulhARqV5/364QNFVwVWQJ+c4hWWZQCqDpUFmGz
         maakkgUsC5pCcXuCxegF5nCxcGXTYZ29K/cNAGkTlmoxgbVwIMok4Gptra3AZ5w7VMFo
         r7qDukJ/nlPmMiLjVezLhmF28gbYj+QdrFxp1OKPt8//PT2eSqfXHkGKnnMfk8qAiRD+
         soqa/jWoWSWq0vUzIux4hDOfU9vJr8Ke6brRRsfa2LJi0ZSrSHFYBqudxDDMb2N5BRuj
         Dq1UNYHGnWHVmSrEPpTkHCBUiOWCAJX/q9E0cyHN5dL0Ll0UcX+5vDm+ldi3opMMA9QB
         2DcQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=n7z9pdTL;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id n2-20020a634002000000b003c6115ef99esi7620827pga.49.2022.05.19.16.32.10;
        Thu, 19 May 2022 16:32:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=n7z9pdTL;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242384AbiESRJE (ORCPT <rfc822;tarbal@gmail.com> + 99 others);
        Thu, 19 May 2022 13:09:04 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55374 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242359AbiESRI7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 May 2022 13:08:59 -0400
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 669589C2DA
        for <linux-kernel@vger.kernel.org>; Thu, 19 May 2022 10:08:58 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id g16so7000553lja.3
        for <linux-kernel@vger.kernel.org>; Thu, 19 May 2022 10:08:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=21mvYV5KsNhLdpPcuH1GIlGrU0ZXZUibbxP2zX1vM6A=;
        b=n7z9pdTLw0VPyn2sJHa76u+47Fp2xaqLX6Kz0ujm6KegmVNUpVtZlMipOac9bgwEP2
         QXGr0cCwCzAOqvIYPQV85aa4Sz8KoOhDQZe6NitEg9/atZ+nDHIpRfUDb32PMhaVxNuF
         2/oJIuFAl9BsyDzdDZ9lYSfF4FNl++8+wo//Io1KaWEkNHs+hsWAx/+xMGKsav9FLyZx
         XczrNpN6Lld3vCqNQdaTkAOWo+1uOR0XmJs6uiNCV0aUwDlQLuj06IihBB/+fZ69EN+v
         HqzMyrFnwAC85q00F7wKhgKbODZyVNCrL+CfuPinTFbfcAV6jnJSLxKm0D6bl0g52txx
         2LfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=21mvYV5KsNhLdpPcuH1GIlGrU0ZXZUibbxP2zX1vM6A=;
        b=UoERzdD7oCU9xxMSB+zUdVOvtCOLyK52/nDdY4mbz7T5awh4m+aYWA6/ckwOB/U3Cu
         cTByqE6h33O7hQ17/2QWNRG461RaqMdQ7OVPNDbWcwRMHi9tAxGQuvW914HEXEn/Evtl
         23vDnQnZhiDD1qX+cVYZMZ5+1MAULMSaSwUEMlnQpRk5OkTgLQeEzSo0uqRqkluaIIPQ
         qFcx3frdcIX3IO615Z1R1I7K3hJCgksjJ4htSvsKSdMmX8ccW+RWDwQpOdiei9hNfqq2
         xSwMngFaHfImC1etafjYYRBfLGaJDDDnzmSq1hNJnV75EKcrQ3n8XNWbVsf24J1+9Iqf
         w26Q==
X-Gm-Message-State: AOAM533iFZfCGSkp0wYANpJV/9eNC6oxReiHPb0wWTQI1zjEXy0vuCoy
        tinY7y+po/QsrHyQEjiyHiawrhpiwObKNHoQ2iyt0Q==
X-Received: by 2002:a2e:2e0f:0:b0:253:cc64:f47c with SMTP id
 u15-20020a2e2e0f000000b00253cc64f47cmr3301910lju.426.1652980136504; Thu, 19
 May 2022 10:08:56 -0700 (PDT)
MIME-Version: 1.0
References: <20220516154310.3685678-1-Ashish.Kalra@amd.com>
In-Reply-To: <20220516154310.3685678-1-Ashish.Kalra@amd.com>
From:   Peter Gonda <pgonda@google.com>
Date:   Thu, 19 May 2022 10:08:44 -0700
Message-ID: <CAMkAt6r8yaiL38AqZWpbe=UT_MAV8fuOSvPCLJBAsT9pisf2tg@mail.gmail.com>
Subject: Re: [PATCH v2] KVM: SVM: Use kzalloc for sev ioctl interfaces to
 prevent kernel memory leak.
To:     Ashish Kalra <Ashish.Kalra@amd.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Joerg Roedel <joro@8bytes.org>,
        "Lendacky, Thomas" <Thomas.Lendacky@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Andy Nguyen <theflow@google.com>,
        David Rientjes <rientjes@google.com>,
        John Allen <john.allen@amd.com>, stable@vger.kernel.org,
        Michael Roth <michael.roth@amd.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 16, 2022 at 8:43 AM Ashish Kalra <Ashish.Kalra@amd.com> wrote:
>
> From: Ashish Kalra <ashish.kalra@amd.com>
>
> For some sev ioctl interfaces, the length parameter that is passed maybe
> less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data
> that PSP firmware returns. In this case, kmalloc will allocate memory
> that is the size of the input rather than the size of the data.
> Since PSP firmware doesn't fully overwrite the allocated buffer, these
> sev ioctl interface may return uninitialized kernel slab memory.
>
> Reported-by: Andy Nguyen <theflow@google.com>
> Suggested-by: David Rientjes <rientjes@google.com>
> Suggested-by: Peter Gonda <pgonda@google.com>
> Cc: kvm@vger.kernel.org
> Cc: stable@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Fixes: eaf78265a4ab3 ("KVM: SVM: Move SEV code to separate file")
> Fixes: 2c07ded06427d ("KVM: SVM: add support for SEV attestation command")
> Fixes: 4cfdd47d6d95a ("KVM: SVM: Add KVM_SEV SEND_START command")
> Fixes: d3d1af85e2c75 ("KVM: SVM: Add KVM_SEND_UPDATE_DATA command")
> Fixes: eba04b20e4861 ("KVM: x86: Account a variety of miscellaneous allocations")
> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>

Reviewed-by: Peter Gonda <pgonda@google.com>