Re: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory

From: Dave Hansen
Date: Mon Dec 02 2024 - 13:47:59 EST

Next message: Bartosz Golaszewski: "[PATCH] interconnect: icc-clk: check return values of devm_kasprintf()"
Previous message: Ira Weiny: "Re: [PATCH v6] acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl"
Next in thread: Edgecombe, Rick P: "Re: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/27/24 08:48, Edgecombe, Rick P wrote:
> On Wed, 2024-06-19 at 19:18 +0800, Li RongQing wrote:
>> In CoCo VMs it is possible for the untrusted host to cause
>> set_memory_decrypted() to fail such that an error is returned
>> and the resulting memory is shared. Callers need to take care
>> to handle these errors to avoid returning decrypted (shared)
>> memory to the page allocator, which could lead to functional
>> or security issues.
>>
>> Leak the decrypted memory when set_memory_decrypted() fails,
>> and don't need to print an error since set_memory_decrypted()
>> will call WARN_ONCE().
>>
>> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
>> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
>> Signed-off-by: Li RongQing <lirongqing@xxxxxxxxx>
> It needs a Fixes tag.
> Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using
> TSM_REPORTS")
>
> I think it is a worthwhile fix. Without it the guest can be tricked into freeing
> shared pages, or trying to execute from them and crashing.

Does this need a "Fixes" and cc:stable@?

Next message: Bartosz Golaszewski: "[PATCH] interconnect: icc-clk: check return values of devm_kasprintf()"
Previous message: Ira Weiny: "Re: [PATCH v6] acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl"
Next in thread: Edgecombe, Rick P: "Re: [PATCH][v4] virt: tdx-guest: Don't free decrypted memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]