Received: by 2002:a89:413:0:b0:1fd:dba5:e537 with SMTP id m19csp593025lqs;
        Thu, 13 Jun 2024 22:26:24 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXrN4Pho66p04epcS48ES+gSg2Ew9KUcZV3Sd1YFHmV1V+w4JnT2CybmZEF0PZLMYGyRfMBTUej9YRrWRBYunmhS+j9fGa4Xol72Y0QAw==
X-Google-Smtp-Source: AGHT+IEeB/KBulLb4KUHh2Xwz3sfKeNzvJ7cbG+QYvwAaAGN4spLFuw3L6odWl+/9j+vxScXdRCu
X-Received: by 2002:a05:6871:294:b0:254:c842:46f0 with SMTP id 586e51a60fabf-25842c3d914mr1647168fac.59.1718342784469;
        Thu, 13 Jun 2024 22:26:24 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1718342784; cv=pass;
        d=google.com; s=arc-20160816;
        b=DhaCBBdMoNOWiY6ZJYRMiLNmJ5twDCJrPNMyqScp0OocgZaJSZ6s8Y6Wo4xBapOWCc
         dQX//8Otv90NSO1D/dbeAt53/iovseAPEfNZc6tPdAXcYZgO/5RRbvT/KHhn5yErNsun
         j8q9stQYGVqvEPj59Rx6LvdkRGO6T/zQWXMCjX+WUOK4xVbTJftGnwxc1jtuUulrCAwm
         chkAHt9PRoruW4D1cWN2s9p7RmUn/uEhnqHifW3Y+i7Bgy0uWo9dUD4Qv9TqkVvnnqVu
         8vjqpyoclTQJw7ndFek3SwCGdMo5et61dWbAQ/2D1ed+0HKweMQ8kC9KuLRvWPL1oX87
         GBmQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-unsubscribe:list-subscribe:list-id:precedence:message-id:date
         :subject:cc:to:from;
        bh=zewG+yZ3oXyie5nq1fkqS5/ln/oyPbUyeg/nZH6Xwuw=;
        fh=ijB3+eQW30/CwolMdrnrV4Yon6BoJohXWrtpCqSGAOM=;
        b=J2JtOVLGZ7b7/FqzsjamkLSie98geYnGv2Oxiwl2AzUJw94zc9yslqu/Ljw2oN6UzS
         AZZlFLdV+ZgbAo+0FWXuTCxwAT50lNpkjYaAxqUmY28QE5j/XaT8catCf/XBKlCfpUYZ
         kvGu7h3rHJ2TJx7XRILd2y2F8i1L98nPHZ4V+oJeL54xy/lCx07Nd1m21v0mA8YLbhcV
         sPiQZM5zF+3Cj9i9hVUkjjLDnIREeNts4SaYAvggJnfQtF6aM2PWjkTcYSAUOioc9Bnk
         Kha8S4Tu9JYD+ucMeSAdOV/GgiEe6E15Xc6VfAvjE0O+I8m3+gfDSAzAQQPPoKjrxydY
         gKmA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=baidu.com dmarc=pass fromdomain=baidu.com);
       spf=pass (google.com: domain of linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=baidu.com
Return-Path: <linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id d2e1a72fcca58-705ccb970basi2802166b3a.306.2024.06.13.22.26.23
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 13 Jun 2024 22:26:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=baidu.com dmarc=pass fromdomain=baidu.com);
       spf=pass (google.com: domain of linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-214364-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=baidu.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 5F046B2327E
	for <linux.lists.archive@gmail.com>; Fri, 14 Jun 2024 05:26:13 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B6287146582;
	Fri, 14 Jun 2024 05:26:05 +0000 (UTC)
Received: from njjs-sys-mailin01.njjs.baidu.com (mx315.baidu.com [180.101.52.204])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 51DA626ADE
	for <linux-kernel@vger.kernel.org>; Fri, 14 Jun 2024 05:26:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=180.101.52.204
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1718342765; cv=none; b=SRwUVK1Uh+v5u4gRHGFvI9eiIs7HErPDEl2AA78fk8agw2Kc5b3fz6hfm0XXEc69pOMOb2xOoMD2u1QMCovORn5Dmuu147ieCZavQbL8710+4Ceq1G7wxQ1zKhEw4ICbQgxLOn9SI7LVngq+shF7deunJWEfAiEWhChWIERxvsw=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1718342765; c=relaxed/simple;
	bh=hlAC+liJwlMTETxKRDMCL6af/9a3p3shTmSwAKBxmgw=;
	h=From:To:Cc:Subject:Date:Message-Id; b=IKsCIw9iCQqNtLAZBeq31PKPhNF/8NJ8AUJtteD3RCbaTy9jkhY6ujYtRvJL1JdchsGkurfMQ2bshySYAozX5lE+Wc9NHXa9vjjThdx0OqVxpP6ArmJ4/FnKGZ5ASrUhQXWf5PyAaXaVf/A83WafCSKXs4iwwPOI91/FGrXMqHE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=baidu.com; spf=pass smtp.mailfrom=baidu.com; arc=none smtp.client-ip=180.101.52.204
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=baidu.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=baidu.com
Received: from localhost (bjhw-sys-rpm015653cc5.bjhw.baidu.com [10.227.53.39])
	by njjs-sys-mailin01.njjs.baidu.com (Postfix) with ESMTP id 814067F0003D;
	Fri, 14 Jun 2024 13:10:38 +0800 (CST)
From: Li RongQing <lirongqing@baidu.com>
To: thomas.lendacky@amd.com,
	dan.j.williams@intel.com,
	bp@alien8.de,
	linux-kernel@vger.kernel.org
Cc: Li RongQing <lirongqing@baidu.com>
Subject: [PATCH] virt/coco/sev-guest: Don't free decrypted memory
Date: Fri, 14 Jun 2024 13:10:36 +0800
Message-Id: <20240614051036.41983-1-lirongqing@baidu.com>
X-Mailer: git-send-email 2.9.4
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>

In CoCo VMs, it is possible for the untrusted host to cause
set_memory_decrypted() to fail such that an error is returned
and the resulting memory is shared. Callers need to take care
to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional
or security issues. so don't free decrypted memory

Signed-off-by: Li RongQing <lirongqing@baidu.com>
---
 drivers/virt/coco/sev-guest/sev-guest.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 654290a8e..799563a 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -730,8 +730,7 @@ static void *alloc_shared_pages(struct device *dev, size_t sz)
 
 	ret = set_memory_decrypted((unsigned long)page_address(page), npages);
 	if (ret) {
-		dev_err(dev, "failed to mark page shared, ret=%d\n", ret);
-		__free_pages(page, get_order(sz));
+		dev_err(dev, "failed to mark page shared, leak page, ret=%d\n", ret);
 		return NULL;
 	}
 
-- 
2.9.4