| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <uggd72vugduczhkifii57aflkv4hxsija5iwyqvxdr24tbysus@nq4xx7putbxg> Date: Wed, 19 Jun 2024 13:37:48 +0300 From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> To: Li RongQing <lirongqing@...du.com> Cc: dave.hansen@...ux.intel.com, x86@...nel.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org, rick.p.edgecombe@...el.com Subject: Re: [PATCH][v3] virt: tdx-guest: Don't free decrypted memory On Wed, Jun 19, 2024 at 04:47:50PM +0800, Li RongQing wrote: > In CoCo VMs it is possible for the untrusted host to cause > set_memory_decrypted() to fail such that an error is returned > and the resulting memory is shared. Callers need to take care > to handle these errors to avoid returning decrypted (shared) > memory to the page allocator, which could lead to functional > or security issues. So leak the decrypted memory when > set_memory_decrypted fails, and don't need to print an error > since set_memory_decrypted will call WARN_ONCE. Add "()" for set_memory_decrypted() and WARN_ONCE(). And put the solution into a separate paragraph: s/ So leak/\n\nLeak/ > Reviewed-by: Rick Edgecombe <rick.p.edgecombe@...el.com> > Signed-off-by: Li RongQing <lirongqing@...du.com> Otherwise, looks good: Reviewed-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com> -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists