From: mhkelley58@gmail.com
X-Google-Original-From: mhklinux@outlook.com
To: rick.p.edgecombe@intel.com, kys@microsoft.com, haiyangz@microsoft.com,
    wei.liu@kernel.org, decui@microsoft.com, gregkh@linuxfoundation.org,
    davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
    pabeni@redhat.com, kirill.shutemov@linux.intel.com,
    dave.hansen@linux.intel.com, linux-kernel@vger.kernel.org,
    linux-hyperv@vger.kernel.org, netdev@vger.kernel.org,
    linux-coco@lists.linux.dev
Cc: sathyanarayanan.kuppuswamy@linux.intel.com, elena.reshetova@intel.com
Subject: [PATCH v2 3/5] hv_netvsc: Don't free decrypted memory
Date: Mon, 11 Mar 2024 09:15:56 -0700
Message-Id: <20240311161558.1310-4-mhklinux@outlook.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240311161558.1310-1-mhklinux@outlook.com>
References: <20240311161558.1310-1-mhklinux@outlook.com>
Reply-To: mhklinux@outlook.com
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Rick Edgecombe

In CoCo VMs it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.

The netvsc driver could free decrypted/shared pages if
set_memory_decrypted() fails. Check the decrypted field in the gpadl
to decide whether to free the memory.

Signed-off-by: Rick Edgecombe
Signed-off-by: Michael Kelley
---
 drivers/net/hyperv/netvsc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index 82e9796c8f5e..70b7f91fb96b 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c 
@@ -154,8 +154,11 @@ static void free_netvsc_device(struct rcu_head *head) int i; kfree(nvdev->extension); - vfree(nvdev->recv_buf); - vfree(nvdev->send_buf); + + if (!nvdev->recv_buf_gpadl_handle.decrypted) + vfree(nvdev->recv_buf); + if (!nvdev->send_buf_gpadl_handle.decrypted) + vfree(nvdev->send_buf); bitmap_free(nvdev->send_section_map); for (i = 0; i < VRSS_CHANNEL_MAX; i++) { -- 2.25.1
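
Review bot: In free_netvsc_device(), the two new "if (!nvdev->..._gpadl_handle.decrypted)" checks skip vfree() silently and without a comment, so the deliberate leak of recv_buf and send_buf reads like a forgotten free to the next person touching this function. Add a short comment above the checks saying that a buffer still marked decrypted is shared with the host, must not be returned to the allocator, and is leaked on purpose; a one-time warning on that path would also make the leak visible in logs. The check is only as good as the decrypted field in the gpadl handle: nothing in this one-file patch shows where that field is set or cleared, so the commit message should name the code that maintains it, in particular that it is cleared once the memory has been successfully re-encrypted, otherwise every teardown would leak both buffers.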