On 11/11/2024 5:00 PM, Borislav Petkov wrote:
> On Mon, Nov 11, 2024 at 04:53:30PM +0530, Nikunj A. Dadhania wrote:
>> When snp_msg_alloc() is called by the sev-guest driver, secrets will
>> be reinitialized and buffers will be re-allocated, leaking memory
>> allocated during snp_get_tsc_info()::snp_msg_alloc().
>
> Huh?
>
> How do you leak memory when you clear all buffers before that?!?
Memory allocated for the request, response and certs_data is not
freed and we will clear the mdesc when sev-guest driver calls
snp_msg_alloc().
Let me try again to explain what I mean:
snp_msg_alloc() will be called by snp_get_tsc_info() and later by
sev-guest driver.
snp_prepare_tsc()
->snp_get_tsc_info()
->snp_msg_alloc()
-> clears mdesc
->ioremaps secrets_pa
->request = alloc_shared_pages()
-> alloc_pages()
->response = alloc_shared_pages()
-> alloc_pages()
->certs_data = alloc_shared_pages()
-> alloc_pages()
sev-guest driver
sev_guest_probe()
->snp_msg_alloc()
->clears mdesc
->ioremaps secrets_pa
->request = alloc_shared_pages()
-> alloc_pages()
->response = alloc_shared_pages()
-> alloc_pages()
->certs_data = alloc_shared_pages()
-> alloc_pages()
request, response and certs_data are re-allocated. Am I missing something ?
Regards
Nikunj
