[PATCH][v2] virt: tdx-guest: Don't free decrypted memory

From: Li RongQing
Date: Fri Jun 14 2024 - 01:15:08 EST

Next message: Vignesh Raghavendra: "Re: [PATCH v4 0/4] Add PCIe DT support for TI's J784S4-EVM and AM69-SK"
Previous message: CK Hu (胡俊光): "Re: [PATCH v9 15/21] drm/mediatek: Support "None" blending in Mixer"
Next in thread: Edgecombe, Rick P: "Re: [PATCH][v2] virt: tdx-guest: Don't free decrypted memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In CoCo VMs it is possible for the untrusted host to cause
set_memory_decrypted() to fail such that an error is returned
and the resulting memory is shared. Callers need to take care
to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional
or security issues.

So when set_memory_decrypted fails, leak decrypted memory, and
print an error message

Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
---
diff with v1: leak the page, and print error

drivers/virt/coco/tdx-guest/tdx-guest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 1253bf7..3a6e76c8 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -125,7 +125,7 @@ static void *alloc_quote_buf(void)
return NULL;

if (set_memory_decrypted((unsigned long)addr, count)) {
- free_pages_exact(addr, len);
+ pr_err("Failed to set Quote buffer decrypted, leak the buffer\n");
return NULL;
}

--
2.9.4

Next message: Vignesh Raghavendra: "Re: [PATCH v4 0/4] Add PCIe DT support for TI's J784S4-EVM and AM69-SK"
Previous message: CK Hu (胡俊光): "Re: [PATCH v9 15/21] drm/mediatek: Support "None" blending in Mixer"
Next in thread: Edgecombe, Rick P: "Re: [PATCH][v2] virt: tdx-guest: Don't free decrypted memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]