From: Yousef Alhouseen <[email protected]> Sent: Wednesday, June 24, 2026 10:57 AM
> Subject: [PATCH] hyperv: mshv: zero VTL hypercall input page
> 

Same comment here about the patch "Subject:" prefix.

> mshv_vtl_hvcall_call() copies only the user-provided input size.
> 
> It then passes the page to hv_do_hypercall().
> 
> For short inputs, stale bytes can remain in the bounce page.
> 
> Those bytes can be consumed by the hypervisor.

It's unclear to me that there's really a problem here. In a
CoCo VM, the host hypervisor isn't trusted, so hypercall sites
must be careful to only expose intended data in the hypercall
input and output pages. But this code already doesn't support
CoCo VMs, as noted in the comment. So in the supported
scenario, the hypervisor has access to all of guest memory. Passing
stale bytes to the hypervisor vs. passing zeros really wouldn't matter.
And user space can already pass stale/garbage bytes to the hypervisor
if it wants to. This code doesn't try to validate the input data for
whatever hypercall user space is requesting to be made.

When support for CoCo VMs is added, this code will indeed
need to make sure not to allow garbage kernel data in the
hypercall input or output pages. But decrypting the pages
so the hypervisor can access them should take care of that
issue.

Michael

> 
> Allocate the input page zeroed, matching the output page.
> 
> Signed-off-by: Yousef Alhouseen <[email protected]>
> ---
>  drivers/hv/mshv_vtl_main.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/hv/mshv_vtl_main.c b/drivers/hv/mshv_vtl_main.c
> index 0365d207c..f2633148c 100644
> --- a/drivers/hv/mshv_vtl_main.c
> +++ b/drivers/hv/mshv_vtl_main.c
> @@ -1146,7 +1146,7 @@ static int mshv_vtl_hvcall_call(struct 
> mshv_vtl_hvcall_fd *fd,
>        *
>        * TODO: Take care of this when CVM support is added.
>        */
> -     in = (void *)__get_free_page(GFP_KERNEL);
> +     in = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
>       out = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
>       if (!in || !out) {
>               ret = -ENOMEM;
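Review bot: the commit message's claim that stale bytes "can be consumed by the hypervisor" does not match the comment immediately above the changed line, which marks CVM support as a TODO and so implies the hypervisor already has access to all guest memory in the supported configuration; the message should state the concrete benefit of the change (consistency with the `out` allocation on the next line, and not handing stale kernel data to the hypervisor as defense in depth) rather than presenting it as closing a leak. Note also that `__get_free_page(GFP_KERNEL | __GFP_ZERO)` adds a full page clear on every call; since the message says only the user-provided input size is copied, clearing just the bytes after that input would achieve the same effect at lower cost if hypercall latency matters here.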
> --
> 2.54.0
> 

