On Tue, 2023-10-17 at 22:20 -0700, Kuppuswamy Sathyanarayanan wrote: > > > On 10/17/2023 1:24 PM, Rick Edgecombe wrote: > > On TDX it is possible for the untrusted host to cause > > set_memory_encrypted() or set_memory_decrypted() to fail such that > > an > > error is returned and the resulting memory is shared. Callers need > > to take > > care to handle these errors to avoid returning decrypted (shared) > > memory to > > the page allocator, which could lead to functional or security > > issues. > > > > Kvmclock could free decrypted/shared pages if > > set_memory_decrypted() fails. > > Use the recently added free_decrypted_pages() to avoid this. > > > > Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> > > Cc: Wanpeng Li <wanpengli@xxxxxxxxxxx> > > Cc: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> > > Cc: kvm@xxxxxxxxxxxxxxx > > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx> > > --- > > Since it a fix, do you want to add Fixes tag? > > Otherwise, it looks good to me. > > Reviewed-by: Kuppuswamy Sathyanarayanan > <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> Thanks. Yes, the thinking was to mark all these for stable, but some patches are still RFC for this version. I'll add it for all non-RFC ones in the next version.
