Re: [PATCH v14 03/13] x86/sev: Add Secure TSC support for SNP guests

From: Nikunj A. Dadhania
Date: Mon Nov 11 2024 - 06:44:47 EST




On 11/11/2024 5:00 PM, Borislav Petkov wrote:
> On Mon, Nov 11, 2024 at 04:53:30PM +0530, Nikunj A. Dadhania wrote:
>> When snp_msg_alloc() is called by the sev-guest driver, secrets will
>> be reinitialized and buffers will be re-allocated, leaking memory
>> allocated during snp_get_tsc_info()::snp_msg_alloc().
>
> Huh?
>
> How do you leak memory when you clear all buffers before that?!?

Memory allocated for the request, response and certs_data is not
freed, and we will clear the mdesc when the sev-guest driver calls
snp_msg_alloc().

Let me try again to explain what I mean:

snp_msg_alloc() will be called by snp_get_tsc_info() and later by
the sev-guest driver.

snp_prepare_tsc()
  ->snp_get_tsc_info()
    ->snp_msg_alloc()
      -> clears mdesc
      ->ioremaps secrets_pa
      ->request = alloc_shared_pages()
        -> alloc_pages()
      ->response = alloc_shared_pages()
        -> alloc_pages()
      ->certs_data = alloc_shared_pages()
        -> alloc_pages()


sev-guest driver
sev_guest_probe()
  ->snp_msg_alloc()
    ->clears mdesc
    ->ioremaps secrets_pa
    ->request = alloc_shared_pages()
      -> alloc_pages()
    ->response = alloc_shared_pages()
      -> alloc_pages()
    ->certs_data = alloc_shared_pages()
      -> alloc_pages()

request, response and certs_data are re-allocated. Am I missing something?

Regards
Nikunj
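
Added example, not part of the original message and not kernel code: a userspace model of the two-caller sequence described above, counting buffers that are no longer reachable through mdesc after the second call. All model_* names, the tracking array and the guarded variant are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model of the call tree in the message; not kernel code. */
struct model_mdesc { void *request, *response, *certs_data; };
static struct model_mdesc mdesc;   /* one descriptor shared by both callers */
static void *tracked[16];          /* every buffer ever handed out */
static int live_allocs;            /* buffers allocated and not yet freed */

static void *model_alloc_shared_pages(void)
{
    void *p = calloc(1, 4096);     /* model assumes success, at most 16 buffers */
    return tracked[live_allocs++] = p;
}

/* Sequence as described: clear mdesc, then allocate three buffers. */
static struct model_mdesc *model_msg_alloc(void)
{
    memset(&mdesc, 0, sizeof(mdesc));          /* previous pointers are dropped here */
    mdesc.request = model_alloc_shared_pages();
    mdesc.response = model_alloc_shared_pages();
    mdesc.certs_data = model_alloc_shared_pages();
    return &mdesc;
}

/* Hypothetical guard (assumption, not from the thread): reuse an initialized mdesc. */
static struct model_mdesc *model_msg_alloc_once(void)
{
    return mdesc.request ? &mdesc : model_msg_alloc();
}

/* Run both callers; return buffers no longer reachable through mdesc. */
static int leaked_after_two_callers(struct model_mdesc *(*alloc_fn)(void))
{
    alloc_fn();                                /* snp_get_tsc_info() path */
    alloc_fn();                                /* sev_guest_probe() path */
    int leaked = live_allocs - 3;              /* mdesc references three buffers */
    while (live_allocs > 0)
        free(tracked[--live_allocs]);          /* model cleanup only */
    memset(&mdesc, 0, sizeof(mdesc));
    return leaked;
}

int main(void)
{
    printf("plain: %d leaked\n", leaked_after_two_callers(model_msg_alloc));
    printf("guarded: %d leaked\n", leaked_after_two_callers(model_msg_alloc_once));
    return 0;
}
```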