Message-Id: <20240614051452.14548-1-lirongqing@baidu.com>
Date: Fri, 14 Jun 2024 13:14:52 +0800
From: Li RongQing <lirongqing@...du.com>
To: kirill.shutemov@...ux.intel.com,
dave.hansen@...ux.intel.com,
x86@...nel.org,
linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org,
rick.p.edgecombe@...el.com
Cc: Li RongQing <lirongqing@...du.com>
Subject: [PATCH][v2] virt: tdx-guest: Don't free decrypted memory

In CoCo VMs it is possible for the untrusted host to cause
set_memory_decrypted() to fail such that an error is returned
and the resulting memory is shared. Callers need to take care
to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional
or security issues.

So when set_memory_decrypted fails, leak decrypted memory, and
print an error message.

Signed-off-by: Li RongQing <lirongqing@...du.com>
---
diff with v1: leak the page, and print error
drivers/virt/coco/tdx-guest/tdx-guest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 1253bf7..3a6e76c8 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -125,7 +125,7 @@ static void *alloc_quote_buf(void)
return NULL;
if (set_memory_decrypted((unsigned long)addr, count)) {
- free_pages_exact(addr, len);
+ pr_err("Failed to set Quote buffer decrypted, leak the buffer\n");
return NULL;
}
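Review bot: the error branch after the failed set_memory_decrypted() call now returns NULL without freeing addr, and nothing in the code says that this is deliberate. A short comment above the pr_err() stating that the pages may be left shared with the host and must not go back to the page allocator would keep a later cleanup from restoring free_pages_exact(addr, len). It would also help to store the return value of set_memory_decrypted() and print it, together with len, so the log shows why the conversion failed and how much memory was leaked.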
--
2.9.4