[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <63a3e464f368b6103c637af384eb0b069eac3158.camel@intel.com>
Date: Wed, 27 Nov 2024 16:48:09 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>, "Li, Rongqing"
<lirongqing@...du.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "dave.hansen@...ux.intel.com"
<dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory
On Wed, 2024-06-19 at 19:18 +0800, Li RongQing wrote:
> In CoCo VMs it is possible for the untrusted host to cause
> set_memory_decrypted() to fail such that an error is returned
> and the resulting memory is shared. Callers need to take care
> to handle these errors to avoid returning decrypted (shared)
> memory to the page allocator, which could lead to functional
> or security issues.
>
> Leak the decrypted memory when set_memory_decrypted() fails,
> and don't need to print an error since set_memory_decrypted()
> will call WARN_ONCE().
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@...el.com>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Signed-off-by: Li RongQing <lirongqing@...du.com>
It needs a Fixes tag.
Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using
TSM_REPORTS")
I think it is a worthwhile fix. Without it the guest can be tricked into freeing
shared pages, or trying to execute from them and crashing.
I'm not sure how we missed this case, but from the fixes commit date it may have
been in-flight somewhere when I was doing the treewide search.
Powered by blists - more mailing lists