News: 0001515463


Linux 6.13-rc5 To See Fix For Intel TDX CoCo VMs Potentially Leaking Decrypted Memory

([Intel] 6 Hours Ago Intel TDX VM Fix)


The x86 fixes pull request was sent out this morning ahead of the Linux 6.13-rc5 kernel being released later today. Both x86 fixes this week pertain to Intel bits: a self-test issue on upcoming Intel FRED (Flexible Return and Event Delivery) systems, and a case where Intel TDX confidential computing VM guests could leak decrypted memory in their unrecoverable error handling.

The Intel Trust Domain Extensions (TDX) fix for confidential computing (CoCo) VMs concerns the unrecoverable error handling path, so that decrypted (shared) memory is not handed back to the page allocator. The [1]patch explains:

"In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues.

Leak the decrypted memory when set_memory_decrypted() fails, and don't need to print an error since set_memory_decrypted() will call WARN_ONCE()."

The fix to the TDX CoCo guest code is a one-liner: when set_memory_decrypted() fails, the error path no longer calls free_pages_exact() on the buffer and simply returns instead.
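To show why freeing the buffer on that error path is the problem, here is an added userspace model of the pattern the patch fixes; it is not the kernel's code, and the page allocator, set_memory_decrypted() and the host-induced failure are all simulated:

```c
/* Model of the CoCo error path: a tiny page allocator, a set_memory_decrypted()
 * that the untrusted host can make fail, and the buggy vs fixed callers. */
#include <stdbool.h>

#define NPAGES 4
enum state { PRIVATE, SHARED };
static enum state page_state[NPAGES];   /* guest view: encrypted or shared with host */
static bool page_free[NPAGES];          /* model of the page allocator's free list */
static bool host_fails_conversion;      /* constructed: host sabotages the conversion */

static void allocator_reset(void) {
    for (int i = 0; i < NPAGES; i++) { page_free[i] = true; page_state[i] = PRIVATE; }
}
/* alloc_pages_exact()-like: hand out the first free page, whatever its state. */
static int alloc_page(void) {
    for (int i = 0; i < NPAGES; i++) if (page_free[i]) { page_free[i] = false; return i; }
    return -1;
}
static void free_page(int p) { page_free[p] = true; }

/* set_memory_decrypted() model: the conversion involves the host, so a malicious
 * host can make the call report an error after the page is already shared. */
static int set_memory_decrypted(int p) {
    page_state[p] = SHARED;
    return host_fails_conversion ? -1 : 0;
}

/* Buggy pattern: on error the shared page goes back to the allocator. */
static int alloc_shared_buggy(void) {
    int p = alloc_page();
    if (p < 0) return -1;
    if (set_memory_decrypted(p)) { free_page(p); return -1; }
    return p;
}
/* Fixed pattern (the one-liner from the article): leak the page instead. */
static int alloc_shared_fixed(void) {
    int p = alloc_page();
    if (p < 0) return -1;
    if (set_memory_decrypted(p)) return -1;   /* no free_pages_exact() here */
    return p;
}

/* Scenario: a failed conversion, then an unrelated allocation that expects
 * private memory. Returns true if that allocation received a SHARED page. */
static bool private_alloc_gets_shared_page(int (*alloc_shared)(void)) {
    allocator_reset();
    host_fails_conversion = true;
    (void)alloc_shared();                 /* conversion fails, error path runs */
    host_fails_conversion = false;
    int later = alloc_page();             /* some other caller wants private memory */
    return later >= 0 && page_state[later] == SHARED;
}
```

With the buggy caller the later allocation receives a page the host can read, which is the functional and security issue the commit message describes; with the fixed caller the page is simply lost.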

These Intel TDX and FRED fixes for this week's Linux 6.13-rc5 kernel can be found via [2]this pull request that should be merged to mainline in the coming hours. Both fixes are also marked for back-porting to the Linux stable kernel branches so in the coming days they should also work their way to new Linux LTS/stable point releases.



[1] https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent&id=27834971f616c5e154423c578fa95e0444444ce1

[2] https://lore.kernel.org/lkml/Z3EXRGh2vI1q2H_c@gmail.com/



phoronix
