答复: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory

From: Li,Rongqing
Date: Wed Nov 27 2024 - 01:25:48 EST



> > In CoCo VMs it is possible for the untrusted host to cause
> > set_memory_decrypted() to fail such that an error is returned and the
> > resulting memory is shared. Callers need to take care to handle these
> > errors to avoid returning decrypted (shared) memory to the page
> > allocator, which could lead to functional or security issues.
> >
> > Leak the decrypted memory when set_memory_decrypted() fails, and don't
> > need to print an error since set_memory_decrypted() will call WARN_ONCE().
> >
> > Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> > Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> > Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
> > ---
>
>
> Ping



Ping