virt: sev-guest: Explicitly leak pages in unknown state (fd948c3f) · Commits · git / linux-net

drivers/virt/coco/sev-guest/sev-guest.c

+7 −3

Original line number	Diff line number	Diff line
		@@ -176,6 +176,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
		struct snp_guest_req req = {};
		int ret, npages = 0, resp_len;
		sockptr_t certs_address;
		u64 pfn;

		if (sockptr_is_null(io->req_data) \|\| sockptr_is_null(io->resp_data))
		return -EINVAL;
		@@ -215,10 +216,11 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
		if (!req.certs_data)
		return -ENOMEM;

		pfn = PHYS_PFN(virt_to_phys(req.certs_data));
		ret = set_memory_decrypted((unsigned long)req.certs_data, npages);
		if (ret) {
		pr_err("failed to mark page shared, ret=%d\n", ret);
		free_pages_exact(req.certs_data, npages << PAGE_SHIFT);
		snp_leak_pages(pfn, npages);
		return -EFAULT;
		}

		@@ -272,11 +274,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
		kfree(report_resp);
		e_free_data:
		if (npages) {
		if (set_memory_encrypted((unsigned long)req.certs_data, npages))
		if (set_memory_encrypted((unsigned long)req.certs_data, npages)) {
		WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n");
		else
		snp_leak_pages(pfn, npages);
		} else {
		free_pages_exact(req.certs_data, npages << PAGE_SHIFT);
		}
		}
		return ret;
		}