From: "Nikunj A. Dadhania" <nikunj@amd.com>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, thomas.lendacky@amd.com,
x86@kernel.org, kvm@vger.kernel.org, mingo@redhat.com,
tglx@linutronix.de, dave.hansen@linux.intel.com,
pgonda@google.com, seanjc@google.com, pbonzini@redhat.com
Subject: Re: [PATCH v14 03/13] x86/sev: Add Secure TSC support for SNP guests
Date: Mon, 11 Nov 2024 16:53:30 +0530 [thread overview]
Message-ID: <df1da11b-6413-8198-1bb0-587212942dbc@amd.com> (raw)
In-Reply-To: <20241111105152.GBZzHhyL4EkqJ5z84X@fat_crate.local>
On 11/11/2024 4:21 PM, Borislav Petkov wrote:
> On Mon, Nov 11, 2024 at 02:16:00PM +0530, Nikunj A. Dadhania wrote:
>> That was the reason I had not implemented "free" counterpart.
>
> Then let's simplify this too because it is kinda silly right now:
When snp_msg_alloc() is called by the sev-guest driver, secrets will
be reinitialized and buffers will be re-allocated, leaking memory
allocated during snp_get_tsc_info()::snp_msg_alloc().
As you suggested, implementing a "free" counterpart will be better.
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 8ecac0ca419b..12b167fd6475 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -488,14 +488,7 @@ static inline bool snp_is_vmpck_empty(struct snp_msg_desc *mdesc)
int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id);
struct snp_msg_desc *snp_msg_alloc(void);
-
-static inline void snp_msg_cleanup(struct snp_msg_desc *mdesc)
-{
- mdesc->vmpck = NULL;
- mdesc->os_area_msg_seqno = NULL;
- kfree(mdesc->ctx);
-}
-
+void snp_msg_free(struct snp_msg_desc *mdesc);
int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req,
struct snp_guest_request_ioctl *rio);
@@ -541,7 +534,7 @@ static inline void snp_kexec_begin(void) { }
static inline bool snp_is_vmpck_empty(struct snp_msg_desc *mdesc) { return false; }
static inline int snp_msg_init(struct snp_msg_desc *mdesc, int vmpck_id) { return -1; }
static inline struct snp_msg_desc *snp_msg_alloc(void) { return NULL; }
-static inline void snp_msg_cleanup(struct snp_msg_desc *mdesc) { }
+static inline void snp_msg_free(struct snp_msg_desc *mdesc) { }
static inline int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req,
struct snp_guest_request_ioctl *rio) { return -ENODEV; }
static inline void __init snp_secure_tsc_prepare(void) { }
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index d40d4528c1eb..25fb8e79eb9b 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -96,8 +96,6 @@ static u64 sev_hv_features __ro_after_init;
/* Secrets page physical address from the CC blob */
static u64 secrets_pa __ro_after_init;
-static struct snp_msg_desc *snp_mdesc;
-
/* Secure TSC values read using TSC_INFO SNP Guest request */
static u64 snp_tsc_scale __ro_after_init;
static u64 snp_tsc_offset __ro_after_init;
@@ -2818,9 +2816,6 @@ struct snp_msg_desc *snp_msg_alloc(void)
BUILD_BUG_ON(sizeof(struct snp_guest_msg) > PAGE_SIZE);
- if (snp_mdesc)
- return snp_mdesc;
-
mdesc = kzalloc(sizeof(struct snp_msg_desc), GFP_KERNEL);
if (!mdesc)
return ERR_PTR(-ENOMEM);
@@ -2848,8 +2843,6 @@ struct snp_msg_desc *snp_msg_alloc(void)
mdesc->input.resp_gpa = __pa(mdesc->response);
mdesc->input.data_gpa = __pa(mdesc->certs_data);
- snp_mdesc = mdesc;
-
return mdesc;
e_free_response:
@@ -2858,11 +2851,29 @@ struct snp_msg_desc *snp_msg_alloc(void)
free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg));
e_unmap:
iounmap((__force void __iomem *)mdesc->secrets);
+ kfree(mdesc);
return ERR_PTR(-ENOMEM);
}
EXPORT_SYMBOL_GPL(snp_msg_alloc);
+void snp_msg_free(struct snp_msg_desc *mdesc)
+{
+ if (!mdesc)
+ return;
+
+ mdesc->vmpck = NULL;
+ mdesc->os_area_msg_seqno = NULL;
+ kfree(mdesc->ctx);
+
+ free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg));
+ free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg));
+ iounmap((__force void __iomem *)mdesc->secrets);
+
+ kfree(mdesc);
+}
+EXPORT_SYMBOL_GPL(snp_msg_free);
+
/* Mutex to serialize the shared buffer access and command handling. */
static DEFINE_MUTEX(snp_cmd_mutex);
@@ -3179,8 +3190,10 @@ static int __init snp_get_tsc_info(void)
return rc;
tsc_req = kzalloc(sizeof(struct snp_tsc_info_req), GFP_KERNEL);
- if (!tsc_req)
- return -ENOMEM;
+ if (!tsc_req) {
+ rc = -ENOMEM;
+ goto e_free_mdesc;
+ }
memset(&req, 0, sizeof(req));
memset(&rio, 0, sizeof(rio));
@@ -3197,7 +3210,7 @@ static int __init snp_get_tsc_info(void)
rc = snp_send_guest_request(mdesc, &req, &rio);
if (rc)
- goto err_req;
+ goto e_request;
memcpy(&tsc_resp, buf, sizeof(tsc_resp));
pr_debug("%s: response status %x scale %llx offset %llx factor %x\n",
@@ -3212,11 +3225,14 @@ static int __init snp_get_tsc_info(void)
rc = -EIO;
}
-err_req:
+e_request:
/* The response buffer contains the sensitive data, explicitly clear it. */
memzero_explicit(buf, sizeof(buf));
memzero_explicit(&tsc_resp, sizeof(tsc_resp));
+e_free_mdesc:
+ snp_msg_free(mdesc);
+
return rc;
}
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index d64efc489686..084ea9499e75 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -647,7 +647,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
return 0;
e_msg_init:
- snp_msg_cleanup(mdesc);
+ snp_msg_free(mdesc);
return ret;
}
@@ -656,7 +656,7 @@ static void __exit sev_guest_remove(struct platform_device *pdev)
{
struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev);
- snp_msg_cleanup(snp_dev->msg_desc);
+ snp_msg_free(snp_dev->msg_desc);
misc_deregister(&snp_dev->misc);
}
next prev parent reply other threads:[~2024-11-11 11:23 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-28 5:34 [PATCH v14 00/13] Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 01/13] x86/sev: Carve out and export SNP guest messaging init routines Nikunj A Dadhania
2024-10-29 17:43 ` Borislav Petkov
2024-10-30 4:44 ` Nikunj A. Dadhania
2024-10-30 10:10 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 02/13] x86/sev: Relocate SNP guest messaging routines to common code Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 03/13] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2024-10-29 8:41 ` Xiaoyao Li
2024-10-29 8:46 ` Nikunj A. Dadhania
2024-10-29 9:19 ` Xiaoyao Li
2024-10-29 14:27 ` Borislav Petkov
2024-10-29 14:34 ` Tom Lendacky
2024-10-29 14:49 ` Borislav Petkov
2024-10-29 14:50 ` Xiaoyao Li
2024-10-29 15:03 ` Borislav Petkov
2024-10-29 15:14 ` Xiaoyao Li
2024-10-29 15:57 ` Borislav Petkov
2024-10-29 16:50 ` Dave Hansen
2024-10-29 17:05 ` Borislav Petkov
2024-10-30 11:55 ` Nikunj A. Dadhania
2024-11-01 16:00 ` Borislav Petkov
2024-11-11 7:03 ` Nikunj A. Dadhania
2024-11-11 8:46 ` Nikunj A. Dadhania
2024-11-11 10:51 ` Borislav Petkov
2024-11-11 11:23 ` Nikunj A. Dadhania [this message]
2024-11-11 11:30 ` Borislav Petkov
2024-11-11 11:44 ` Nikunj A. Dadhania
2024-11-11 13:42 ` Borislav Petkov
2024-11-12 8:43 ` Nikunj A. Dadhania
2024-11-11 10:34 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 04/13] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2024-11-01 16:40 ` Borislav Petkov
2024-11-11 7:06 ` Nikunj A. Dadhania
2024-10-28 5:34 ` [PATCH v14 05/13] x86/sev: Prevent RDTSC/RDTSCP interception " Nikunj A Dadhania
2024-11-11 15:53 ` Borislav Petkov
2024-11-11 16:39 ` Nikunj A. Dadhania
2024-11-11 17:03 ` Borislav Petkov
2024-10-28 5:34 ` [PATCH v14 06/13] x86/sev: Prevent GUEST_TSC_FREQ MSR " Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 07/13] x86/sev: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 08/13] x86/cpu/amd: Do not print FW_BUG for Secure TSC Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 09/13] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency Nikunj A Dadhania
2024-10-29 3:02 ` Xiaoyao Li
2024-10-29 3:56 ` Nikunj A. Dadhania
2024-10-29 9:15 ` Xiaoyao Li
2024-10-29 9:36 ` Nikunj A. Dadhania
2024-10-28 5:34 ` [PATCH v14 10/13] tsc: Upgrade TSC clocksource rating Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 11/13] tsc: Switch to native sched clock Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 12/13] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected Nikunj A Dadhania
2024-10-28 5:34 ` [PATCH v14 13/13] x86/sev: Allow Secure TSC feature for SNP guests Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=df1da11b-6413-8198-1bb0-587212942dbc@amd.com \
--to=nikunj@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.