[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <468ea253c2b641dc826bce5e219ff0e6@baidu.com>
Date: Thu, 4 Jul 2024 01:00:44 +0000
From: "Li,Rongqing" <lirongqing@...du.com>
To: "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "x86@...nel.org"
<x86@...nel.org>, "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"rick.p.edgecombe@...el.com" <rick.p.edgecombe@...el.com>
Subject: RE: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory
> In CoCo VMs it is possible for the untrusted host to cause
> set_memory_decrypted() to fail such that an error is returned and the resulting
> memory is shared. Callers need to take care to handle these errors to avoid
> returning decrypted (shared) memory to the page allocator, which could lead to
> functional or security issues.
>
> Leak the decrypted memory when set_memory_decrypted() fails, and don't
> need to print an error since set_memory_decrypted() will call WARN_ONCE().
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Signed-off-by: Li RongQing <lirongqing@...du.com>
> ---
Ping
Thank
-LiRongQing
Powered by blists - more mailing lists