Received: by 2002:a89:413:0:b0:1fd:dba5:e537 with SMTP id m19csp589695lqs;
        Thu, 13 Jun 2024 22:15:13 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVCHUC2zNG/VhRRvRh6i4Idjob6sU4hxhQaYFviNmcvflL/pNxmTuafFkxSAUAB1dPsYErEAYNuLwQAPbh3c5MxUN6Jab4YjisjkgqZCw==
X-Google-Smtp-Source: AGHT+IFIOUtOoVvDn4eEV81DG6gM+UxetXZ6Odk5698klLwoBOK4ze+RQXC63+6N1zuLzwUSkmQr
X-Received: by 2002:a17:90b:388:b0:2c4:af69:5c39 with SMTP id 98e67ed59e1d1-2c4db2405c6mr1804028a91.13.1718342113040;
        Thu, 13 Jun 2024 22:15:13 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1718342113; cv=pass;
        d=google.com; s=arc-20160816;
        b=Ry7RClls9KZpp1vx+SGzJXZGhevQMsLVHQKiTey43B9efVOFiZVSYSJtecW8VaHKyR
         SqxRcx045lSnTPkDWSDPL6LVc9+v4L0sNia7CamQTXeRVSQaW99EV7sI6mNl8GMYo09s
         Jgu4Q582U6UFp5YIfXCjrBjppgQ9x+1rCUsYwyFlQiFenCanJSNBkIHYA5iRR/G7XFXJ
         4Kf6DFbKArFiNcXIzmIsT3/2C65e0Tq8/RieXOQalLcGYiTSrE8HN0xoq+tzStSUdapX
         hDaRxm+HfTzC/5Uj2Q13NLkdyhpcEttf0bk/wmNy/bo9+xjEE7oNnc/MUkPtSLbWGxeG
         DGDA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-id:precedence:message-id:date
         :subject:cc:to:from;
        bh=/GW/3Tk4vUmx3+HYT+AxXl6kdqmoz9UMc8NeIH4PELU=;
        fh=QEE2hBqVnEZx16bKokRwcOBQ08UfHr7DTePJgJMpsKY=;
        b=xPeUKQchzgkllgYLl61xQC5lRkCMjez3KznGY4pu37nx5khrwgDifjWrgSz+jL8/vs
         whlFgDzU8DRgnIW3tbs1bHH2+2R+0U8O05KDpe8iF3C1hdijTAUs/I26NzoWWRju0V9u
         QGBJYNve+nb5UMVhEk8ZIfvQ4CmNPTSzac7x75EXqvjqX9f/kOXHTPOrnekUAzNJJegX
         hlLzCKGHO8LowT8ZK+GtGII3RGRK1I2aqP2JqOa2lMPce5kquu4P+MNfb2ITNsH5sz2E
         Er1HVK2keKNuiolXJqWHARavd2LDpOntalY3Ujw/09EaqTkdlJF5bk9dHgFQsh6q6XYC
         oCHA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=baidu.com dmarc=pass fromdomain=baidu.com);
       spf=pass (google.com: domain of linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=baidu.com
Return-Path: <linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id 41be03b00d2f7-6fee67b8959si2697013a12.859.2024.06.13.22.15.12
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Jun 2024 22:15:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=baidu.com dmarc=pass fromdomain=baidu.com);
       spf=pass (google.com: domain of linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214355-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=baidu.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 4E542B22F02
	for <linux.lists.archive@gmail.com>; Fri, 14 Jun 2024 05:15:07 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 2F4BE1474B1;
	Fri, 14 Jun 2024 05:15:00 +0000 (UTC)
Received: from njjs-sys-mailin01.njjs.baidu.com (mx310.baidu.com [180.101.52.44])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 12EE22F43
	for <linux-kernel@vger.kernel.org>; Fri, 14 Jun 2024 05:14:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=180.101.52.44
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1718342099; cv=none; b=dP3nUyAwr5MFlS2QoUIFEps9y/QjKgbLmuyF3MrydfOc7Jm8UU8enRwf0Wk4mYEVm1e4g4Ndy45sVP/Xkq4QRvVPtf/qpu9LXmT96vIj6ZglwlhfJTiUkMcjrzrKpuOI6e8E23Ok0oJpoGL3aNecKDvXDiI5oR9pU1SLHynIBEg=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1718342099; c=relaxed/simple;
	bh=uiEvY12mTUmpxwij1oiWXlTlEpQzNEHXNSfhXCKrA48=;
	h=From:To:Cc:Subject:Date:Message-Id; b=LUP2YxT8CgWlj47VKoSTsGLOZQctmpsDpdUyyeVdqE9+wbKF/lE4kjjkLwiXFq5MPZ8+/cpKaH4oFaraLCjsrENdsGEMK8Nk2+7bD5z1f7WC/9cJG+NBgV/+ogkBs1U/3BPq9bihQvicUWm0Vdt5cgDpkciizrHAH+rdQS+vVZk=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=baidu.com; spf=pass smtp.mailfrom=baidu.com; arc=none smtp.client-ip=180.101.52.44
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=baidu.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=baidu.com
Received: from localhost (bjhw-sys-rpm015653cc5.bjhw.baidu.com [10.227.53.39])
	by njjs-sys-mailin01.njjs.baidu.com (Postfix) with ESMTP id A24277F0006A;
	Fri, 14 Jun 2024 13:14:53 +0800 (CST)
From: Li RongQing <lirongqing@baidu.com>
To: kirill.shutemov@linux.intel.com,
	dave.hansen@linux.intel.com,
	x86@kernel.org,
	linux-coco@lists.linux.dev,
	linux-kernel@vger.kernel.org,
	rick.p.edgecombe@intel.com
Cc: Li RongQing <lirongqing@baidu.com>
Subject: [PATCH][v2] virt: tdx-guest: Don't free decrypted memory
Date: Fri, 14 Jun 2024 13:14:52 +0800
Message-Id: <20240614051452.14548-1-lirongqing@baidu.com>
X-Mailer: git-send-email 2.9.4
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>

In CoCo VMs it is possible for the untrusted host to cause
set_memory_decrypted() to fail such that an error is returned
and the resulting memory is shared. Callers need to take care
to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional
or security issues.

So when set_memory_decrypted fails, leak decrypted memory, and
print an error message

Signed-off-by: Li RongQing <lirongqing@baidu.com>
---
diff with v1: leak the page, and print error

 drivers/virt/coco/tdx-guest/tdx-guest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 1253bf7..3a6e76c8 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -125,7 +125,7 @@ static void *alloc_quote_buf(void)
 		return NULL;
 
 	if (set_memory_decrypted((unsigned long)addr, count)) {
-		free_pages_exact(addr, len);
+		pr_err("Failed to set Quote buffer decrypted, leak the buffer\n");
 		return NULL;
 	}
 
-- 
2.9.4