On Mon, Jun 27, 2022, Peter Gonda wrote: > Clear to the @pages array pointer in sev_unpin_memory to avoid leaving a > dangling pointer to invalid memory. > > Signed-off-by: Peter Gonda <pgonda@xxxxxxxxxx> > Cc: Greg Thelen <gthelen@xxxxxxxxxx> > Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> > Cc: Sean Christopherson <seanjc@xxxxxxxxxx> > Cc: Tom Lendacky <thomas.lendacky@xxxxxxx> > Cc: kvm@xxxxxxxxxxxxxxx > Cc: linux-kernel@xxxxxxxxxxxxxxx > --- > arch/x86/kvm/svm/sev.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 309bcdb2f929..485ad86c01c6 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -452,6 +452,7 @@ static void sev_unpin_memory(struct kvm *kvm, struct page **pages, > unpin_user_pages(pages, npages); > kvfree(pages); > sev->pages_locked -= npages; > + *pages = NULL; Would this have helped detect a real bug? I generally like cleaning up, but this leaves things in a somewhat inconsistent state, e.g. when unpinning a kvm_enc_region, pages will be NULL but npages will be non-zero. It's somewhat moot because the region is immediately freed in that case, but that begs the question of what real benefit this provides. sev_dbg_crypt() is the only flow where there's much danger of a use-after-free. > } > > static void sev_clflush_pages(struct page *pages[], unsigned long npages) > -- > 2.37.0.rc0.161.g10f37bed90-goog >