* [PATCH 5/5] KVM: SVM: Potentially kvfree the ptr points to error page
@ 2021-09-03  9:39 Jiang Jiasheng
  2021-09-03 15:20 ` Sean Christopherson
From: Jiang Jiasheng @ 2021-09-03  9:39 UTC
  To: pbonzini, seanjc, vkuznets, wanpengli, jmattson, joro, tglx,
	mingo, bp, x86, hpa
  Cc: kvm, linux-kernel, Jiang Jiasheng

Directly using sev_unpin_memory() may cause kvfree() to free
the error page, since region->pages may point to the error page.

Signed-off-by: Jiang Jiasheng <jiasheng@iscas.ac.cn>
---
 arch/x86/kvm/svm/sev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 8d36f0c..ee7d691 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1664,6 +1664,8 @@ find_enc_region(struct kvm *kvm, struct kvm_enc_region *range)
 static void __unregister_enc_region_locked(struct kvm *kvm,
 					   struct enc_region *region)
 {
+	if (IS_ERR(region->pages))
+		return;
 	sev_unpin_memory(kvm, region->pages, region->npages);
 	list_del(&region->list);
 	kfree(region);
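Review bot: The early return added before sev_unpin_memory() skips the list_del(&region->list) and kfree(region) that follow it, so in the very case it is meant to handle it would leak the region and leave it linked on the list with an error pointer still in ->pages, which is worse than the problem described. An error pointer should not be reachable from this function at all: the check belongs at the point where region->pages is assigned from the pin call, which should take PTR_ERR() of the failure, free the region and return before the region is ever linked into sev->regions_list. The commit message should also explain how an error pointer could reach the list, since __unregister_enc_region_locked() only operates on regions taken from it.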
-- 
2.7.4



* Re: [PATCH 5/5] KVM: SVM: Potentially kvfree the ptr points to error page
  2021-09-03  9:39 [PATCH 5/5] KVM: SVM: Potentially kvfree the ptr points to error page Jiang Jiasheng
@ 2021-09-03 15:20 ` Sean Christopherson
From: Sean Christopherson @ 2021-09-03 15:20 UTC
  To: Jiang Jiasheng
  Cc: pbonzini, vkuznets, wanpengli, jmattson, joro, tglx, mingo, bp,
	x86, hpa, kvm, linux-kernel

On Fri, Sep 03, 2021, Jiang Jiasheng wrote:
> Directly using sev_unpin_memory() may cause kvfree() to free
> the error page, since region->pages may point to the error page.
> 
> Signed-off-by: Jiang Jiasheng <jiasheng@iscas.ac.cn>
> ---
>  arch/x86/kvm/svm/sev.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 8d36f0c..ee7d691 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -1664,6 +1664,8 @@ find_enc_region(struct kvm *kvm, struct kvm_enc_region *range)
>  static void __unregister_enc_region_locked(struct kvm *kvm,
>  					   struct enc_region *region)
>  {
> +	if (IS_ERR(region->pages))
> +		return;

This is completely bogus: __unregister_enc_region_locked() is only called with
@region coming directly from sev->regions_list, i.e. it would require KVM to put
an error pointer on the list.  Aside from the fact that (a) KVM has the proper
error checking and (b) regions are allocated via kzalloc(), which uses NULL and
not ERR_PTR() to signal failure, it's impossible to add an error pointer to a
list because error pointers are not mapped.
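The reply above rests on the kernel's ERR_PTR() convention: a pin failure is signalled by an error-encoded pointer value that is caught at the call site, so a region whose pages could not be pinned is dropped before it is linked into the list, and the unregister path only ever sees valid pointers. The user-space model below is an added example, not kernel code and not part of this thread; the ERR_PTR()/IS_ERR()/PTR_ERR() definitions mirror include/linux/err.h, while model_pin_memory(), model_register_region(), model_unregister_all() and the singly linked list are hypothetical stand-ins for sev_pin_memory(), the registration path, __unregister_enc_region_locked() and sev->regions_list. It also shows the point about kzalloc(): an allocation failure is NULL, which IS_ERR() does not treat as an error.

```c
/* Added example: a user-space model of the ERR_PTR() convention and of
 * where the error check belongs.  Not kernel code; names with a
 * "model_" prefix are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors include/linux/err.h: the top MAX_ERRNO addresses are never
 * mapped, so a negative errno cast to a pointer is distinguishable from
 * any real pointer (and from NULL). */
#define MAX_ERRNO 4095
#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr) { return IS_ERR_VALUE((unsigned long)ptr); }

/* Singly linked stand-in for the kernel's list_head-based regions_list. */
struct enc_region {
    struct enc_region *next;
    void *pages;            /* "pinned" page array; never an error pointer once linked */
    unsigned long npages;
};

struct sev_info {
    struct enc_region *regions_list; /* head of the list of pinned regions */
    int pin_should_fail;             /* constructed knob to model a pin failure */
};

/* Hypothetical stand-in for sev_pin_memory(): valid pointer or ERR_PTR(-errno). */
static void *model_pin_memory(struct sev_info *sev, unsigned long npages)
{
    if (npages == 0 || npages > 1024)
        return ERR_PTR(-EINVAL);
    if (sev->pin_should_fail)
        return ERR_PTR(-ENOMEM);
    return calloc(npages, sizeof(unsigned long));
}

/* Registration is the only place an error pointer can appear, so it is the
 * only place that needs IS_ERR(): a region is linked only after a
 * successful pin. */
static int model_register_region(struct sev_info *sev, unsigned long npages)
{
    struct enc_region *region = calloc(1, sizeof(*region)); /* kzalloc: NULL on failure */
    if (!region)
        return -ENOMEM;

    region->pages = model_pin_memory(sev, npages);
    if (IS_ERR(region->pages)) {
        int ret = (int)PTR_ERR(region->pages);
        free(region);        /* dropped before it is ever on the list */
        return ret;
    }
    region->npages = npages;
    region->next = sev->regions_list;
    sev->regions_list = region;
    return 0;
}

/* Teardown mirrors __unregister_enc_region_locked(): every region on the
 * list was pinned successfully, so ->pages is always valid here and no
 * IS_ERR() check is needed. */
static void model_unregister_all(struct sev_info *sev)
{
    while (sev->regions_list) {
        struct enc_region *region = sev->regions_list;
        sev->regions_list = region->next;
        free(region->pages); /* stand-in for sev_unpin_memory() */
        free(region);
    }
}

static unsigned long model_count_regions(const struct sev_info *sev)
{
    unsigned long n = 0;
    for (const struct enc_region *r = sev->regions_list; r; r = r->next)
        n++;
    return n;
}

/* Scenario: one successful pin, then a failing pin.  The failed region must
 * not reach the list, and teardown must never see an error pointer.
 * Returns 0 on success, a negative step number on the first failed check. */
static int model_scenario(void)
{
    struct sev_info sev;
    memset(&sev, 0, sizeof(sev));
    if (model_register_region(&sev, 4) != 0)
        return -1;
    sev.pin_should_fail = 1;
    if (model_register_region(&sev, 4) != -ENOMEM)
        return -2;
    if (model_count_regions(&sev) != 1)
        return -3;
    model_unregister_all(&sev);
    return model_count_regions(&sev) == 0 ? 0 : -4;
}

int main(void)
{
    return model_scenario() == 0 ? 0 : 1;
}
```

Because the error pointer is rejected at the assignment site, the teardown routine can assume a valid pointer, which is exactly the invariant the reply relies on; adding a check in the unregister path would only hide a bug in the registration path rather than fix it.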

