lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <SA1PR21MB13353917AEDF678F5D3204B4BF199@SA1PR21MB1335.namprd21.prod.outlook.com>
Date:   Sun, 4 Dec 2022 21:17:16 +0000
From:   Dexuan Cui <decui@...rosoft.com>
To:     "Michael Kelley (LINUX)" <mikelley@...rosoft.com>,
        KY Srinivasan <kys@...rosoft.com>,
        "martin.petersen@...cle.com" <martin.petersen@...cle.com>,
        Long Li <longli@...rosoft.com>,
        "wei.liu@...nel.org" <wei.liu@...nel.org>,
        "jejb@...ux.ibm.com" <jejb@...ux.ibm.com>,
        "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>
Subject: RE: [PATCH 1/1] scsi: storvsc: Fix swiotlb bounce buffer leak in
 confidential VM

> From: Michael Kelley (LINUX) <mikelley@...rosoft.com>
> Sent: Sunday, December 4, 2022 11:53 AM
> 
> storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(),
> which in a confidential VM allocates swiotlb bounce buffers. If the
> I/O submission fails in storvsc_do_io(), the I/O is typically retried
> by higher level code, but the bounce buffer memory is never freed.
> The mostly like cause of I/O submission failure is a full VMBus
> channel ring buffer, which is not uncommon under high I/O loads.
> Eventually enough bounce buffer memory leaks that the confidential
> VM can't do any I/O. The same problem can arise in a non-confidential
> VM with kernel boot parameter swiotlb=force.
> 
> Fix this by doing scsi_dma_unmap() in the case of an I/O submission
> error, which frees the bounce buffer memory.
> 
> Fixes: 743b237c3a7b ("scsi: storvsc: Add Isolation VM support for storvsc
> driver")
> Signed-off-by: Michael Kelley <mikelley@...rosoft.com>
> ---

Reviewed-by: Dexuan Cui <decui@...rosoft.com>
Tested-by: Dexuan Cui <decui@...rosoft.com>

I hope this fix can be included in v6.1.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ