From: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx> Sent: Wednesday, February 21, 2024 6:10 PM > "Subject:" prefix should be hv_netvsc: > On TDX it is possible for the untrusted host to cause Same comment about TDX vs. CoCo VM. > set_memory_encrypted() or set_memory_decrypted() to fail such that an > error is returned and the resulting memory is shared. Callers need to take > care to handle these errors to avoid returning decrypted (shared) memory to > the page allocator, which could lead to functional or security issues. > > hv_nstvsc could free decrypted/shared pages if set_memory_decrypted() s/hv_nstvsc/hv_netvsc/ > fails. Check the decrypted field in the gpadl before freeing in order to > not leak the memory. > > Only compile tested. > > Cc: "K. Y. Srinivasan" <kys@xxxxxxxxxxxxx> > Cc: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx> > Cc: Wei Liu <wei.liu@xxxxxxxxxx> > Cc: Dexuan Cui <decui@xxxxxxxxxxxxx> > Cc: linux-hyperv@xxxxxxxxxxxxxxx > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx> > --- > drivers/net/hyperv/netvsc.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c > index a6fcbda64ecc..2b6ec979a62f 100644 > --- a/drivers/net/hyperv/netvsc.c > +++ b/drivers/net/hyperv/netvsc.c > @@ -154,8 +154,11 @@ static void free_netvsc_device(struct rcu_head > *head) > int i; > > kfree(nvdev->extension); > - vfree(nvdev->recv_buf); > - vfree(nvdev->send_buf); > + > + if (!nvdev->recv_buf_gpadl_handle.decrypted) > + vfree(nvdev->recv_buf); > + if (!nvdev->send_buf_gpadl_handle.decrypted) > + vfree(nvdev->send_buf); > bitmap_free(nvdev->send_section_map); > > for (i = 0; i < VRSS_CHANNEL_MAX; i++) { > -- > 2.34.1