| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 3 Sep 2021 15:20:24 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Jiang Jiasheng <jiasheng@...as.ac.cn>
Cc: pbonzini@...hat.com, vkuznets@...hat.com, wanpengli@...cent.com,
jmattson@...gle.com, joro@...tes.org, tglx@...utronix.de,
mingo@...hat.com, bp@...en8.de, x86@...nel.org, hpa@...or.com,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 5/5] KVM: SVM: Potentially kvfree the ptr points to error
page
On Fri, Sep 03, 2021, Jiang Jiasheng wrote:
> Directly use the sev_unpin_memory() may cause kvfree()
> free the error page, for region->pages may point to the error page.
>
> Signed-off-by: Jiang Jiasheng <jiasheng@...as.ac.cn>
> ---
> arch/x86/kvm/svm/sev.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 8d36f0c..ee7d691 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1664,6 +1664,8 @@ find_enc_region(struct kvm *kvm, struct kvm_enc_region *range)
> static void __unregister_enc_region_locked(struct kvm *kvm,
> struct enc_region *region)
> {
> + if (IS_ERR(region->pages))
> + return;
This is completely bogus, __unregister_enc_region_locked() is only called with
@region coming directly from sev->regions_list, i.e. it would require KVM to put
an error pointer on the list. Aside from the fact that (a) KVM has the proper
error checking and (b) regions are allocated via kzalloc(), which uses NULL and
not ERR_PTR() to signal failure, it's impossible to add an error pointer to a
list because error pointers are not mapped.
Powered by blists - more mailing lists