From: mhkelley58@gmail.com
X-Google-Original-From: mhklinux@outlook.com
To: rick.p.edgecombe@intel.com, kys@microsoft.com, haiyangz@microsoft.com,
    wei.liu@kernel.org, decui@microsoft.com, gregkh@linuxfoundation.org,
    davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
    pabeni@redhat.com, kirill.shutemov@linux.intel.com,
    dave.hansen@linux.intel.com, linux-kernel@vger.kernel.org,
    linux-hyperv@vger.kernel.org, netdev@vger.kernel.org,
    linux-coco@lists.linux.dev
Cc: sathyanarayanan.kuppuswamy@linux.intel.com, elena.reshetova@intel.com
Subject: [PATCH v2 5/5] Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
Date: Mon, 11 Mar 2024 09:15:58 -0700
Message-Id: <20240311161558.1310-6-mhklinux@outlook.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240311161558.1310-1-mhklinux@outlook.com>
References: <20240311161558.1310-1-mhklinux@outlook.com>
Reply-To: mhklinux@outlook.com
X-Mailing-List: linux-kernel@vger.kernel.org

From: Michael Kelley

In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

The VMBus ring buffer code could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the struct vmbus_gpadl for the ring buffers to decide whether to free the memory.

Signed-off-by: Michael Kelley
--- drivers/hv/channel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index bb5abdcda18f..47e1bd8de9fc 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c 
@@ -153,7 +153,9 @@ void vmbus_free_ring(struct vmbus_channel *channel) hv_ringbuffer_cleanup(&channel->inbound); if (channel->ringbuffer_page) { - __free_pages(channel->ringbuffer_page, + /* In a CoCo VM leak the memory if it didn't get re-encrypted */ + if (!channel->ringbuffer_gpadlhandle.decrypted) + __free_pages(channel->ringbuffer_page, get_order(channel->ringbuffer_pagecount << PAGE_SHIFT)); channel->ringbuffer_page = NULL; -- 2.25.1
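Review bot: The skip path of the new `if (!channel->ringbuffer_gpadlhandle.decrypted)` check in vmbus_free_ring() leaks the ring buffer pages silently: nothing is logged, and `channel->ringbuffer_page = NULL;` then drops the only reference visible here, so a host that forces this path repeatedly shrinks guest memory with no trace for whoever has to debug it. Consider a once-only or rate-limited warning in that branch that reports how many pages are being leaked. The check also depends on `decrypted` reflecting the final state of the GPADL at the moment vmbus_free_ring() runs; the flag is maintained outside this hunk, so a short comment stating the expected call ordering would make the dependency explicit. Two smaller points: the commit message cites set_memory_decrypted() failing while the subject and the added comment are about re-encryption, so the message should name the call whose failure leaves `decrypted` set; and the unchanged `get_order(...)` continuation lines keep their old indentation although the `__free_pages(` call moved one level deeper.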