Linux 6.13-rc5 To See Fix For Intel TDX CoCo VMs Potentially Leaking Decrypted Memory
- News link: https://www.phoronix.com/news/Linux-6.13-Fixing-TDX-CoCo-Leak
The x86 fixes pull request was sent out this morning ahead of the Linux 6.13-rc5 kernel being released later today. Both x86 fixes this week pertain to Intel bits: a self-test issue on upcoming Intel FRED (Flexible Return and Event Delivery) systems and also an issue of Intel TDX confidential computing VM guests potentially leaking decrypted memory within the unrecoverable error handling.
The Intel Trust Domain Extensions (TDX) fix for confidential computing (CoCo) VM guests concerns the unrecoverable error path, which could otherwise hand decrypted memory back to the page allocator. The [1]patch explains:
"In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.
Leak the decrypted memory when set_memory_decrypted() fails, and don't need to print an error since set_memory_decrypted() will call WARN_ONCE()."
This fix to the TDX CoCo guest code is a one-liner: instead of calling free_pages_exact() on the buffer when set_memory_decrypted() fails, the error path now simply returns, leaving the pages allocated.
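To make the hazard concrete, here is an added simulation (not kernel code, and not from the patch itself) of the two error-handling choices the commit message contrasts. The functions set_memory_decrypted_sim() and free_pages_exact_sim() are constructed stand-ins for the kernel's set_memory_decrypted() and free_pages_exact(); the "host sabotage" flag models the untrusted host making the private-to-shared conversion fail after the page has already become shared. The "before" allocator frees the page on failure and the counter records that shared memory went back to the allocator; the "after" allocator leaks it, as the one-liner fix does.

```c
/* Constructed model of the CoCo guest error path; not Linux kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define SIM_PAGE_SIZE 4096

/* Simulation state (all constructed for this example). */
static bool buf_shared;                 /* page currently mapped shared (decrypted) */
static int  shared_pages_freed;         /* hazard count: shared memory returned to the allocator */
static int  pages_leaked;               /* mitigation count: memory intentionally leaked */
static bool host_sabotages_conversion;  /* untrusted host makes the conversion report failure */

void sim_reset(bool host_fails)
{
    buf_shared = false;
    shared_pages_freed = 0;
    pages_leaked = 0;
    host_sabotages_conversion = host_fails;
}

int sim_shared_pages_freed(void) { return shared_pages_freed; }
int sim_pages_leaked(void)       { return pages_leaked; }

/* Stand-in for set_memory_decrypted(). The point the commit message makes:
 * the host can make the call fail while the memory still ends up shared, so
 * the page state after an error must be treated as "shared with the host".
 * The real kernel function emits WARN_ONCE() on this path. */
static int set_memory_decrypted_sim(void *addr, int numpages)
{
    (void)addr;
    (void)numpages;
    buf_shared = true;
    if (host_sabotages_conversion)
        return -EIO;
    return 0;
}

/* Stand-in for free_pages_exact(): records whether a still-shared page was
 * handed back to the general allocator, which is the bug being fixed. */
static void free_pages_exact_sim(void *addr, size_t size)
{
    (void)size;
    if (buf_shared)
        shared_pages_freed++;
    free(addr);
}

/* "Before": free on failure. Looks tidy, but returns decrypted memory to the
 * allocator where an unrelated caller may later store secrets in it. */
void *alloc_shared_buffer_before(size_t size)
{
    void *buf = malloc(size);
    if (!buf)
        return NULL;
    if (set_memory_decrypted_sim(buf, (int)(size / SIM_PAGE_SIZE))) {
        free_pages_exact_sim(buf, size);   /* the defect */
        return NULL;
    }
    return buf;
}

/* "After": on failure, leave the pages allocated and just return. A leak of a
 * few pages is the safe outcome; reuse of shared memory is not. */
void *alloc_shared_buffer_after(size_t size)
{
    void *buf = malloc(size);
    if (!buf)
        return NULL;
    if (set_memory_decrypted_sim(buf, (int)(size / SIM_PAGE_SIZE))) {
        pages_leaked++;                    /* intentionally not freed */
        return NULL;
    }
    return buf;
}
```

The same rule applies to any guest driver that converts pages to shared for DMA or hypervisor mailboxes: a failed set_memory_decrypted() is not a normal allocation failure, because the page's encryption state is no longer under the guest's control, so it must never reach the free path.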
These Intel TDX and FRED fixes for this week's Linux 6.13-rc5 kernel can be found via [2]this pull request that should be merged to mainline in the coming hours. Both fixes are also marked for back-porting to the Linux stable kernel branches so in the coming days they should also work their way to new Linux LTS/stable point releases.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent&id=27834971f616c5e154423c578fa95e0444444ce1
[2] https://lore.kernel.org/lkml/Z3EXRGh2vI1q2H_c@gmail.com/