RE: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory

From: Li,Rongqing
Date: Wed Jul 03 2024 - 21:01:46 EST


> In CoCo VMs it is possible for the untrusted host to cause
> set_memory_decrypted() to fail such that an error is returned and the resulting
> memory is shared. Callers need to take care to handle these errors to avoid
> returning decrypted (shared) memory to the page allocator, which could lead to
> functional or security issues.
>
> Leak the decrypted memory when set_memory_decrypted() fails, and don't
> need to print an error since set_memory_decrypted() will call WARN_ONCE().
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
> ---


Ping

Thank

-LiRongQing