dma-direct: Leak pages on dma_set_decrypted() failure

Linux kernel 安全漏洞

dma-direct: 在dma_set_decrypted()失败时泄露页面

In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. DMA could free decrypted/shared pages if dma_set_decrypted() fails. This should be a rare case. Just leak the pages in this case instead of freeing them.

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于dma_set_decrypted函数失败时会泄漏页面。

在Linux内核中，已解决以下漏洞： DMA直通：在dma_set_decrypted()失败时泄露页面 在TDX上，可能存在不信任的主机导致set_memory_encrypted()或set_memory_decrypted()失败的情况，从而返回错误，并且共享内存的结果。调用者需要确保妥善处理这些错误，以避免将解密（共享）内存返回给页面分配器，这可能导致功能或安全问题。 如果dma_set_decrypted()失败，DMA可能会释放解密/共享页面。这应该是罕见的情况。在这种情况下，只需泄露页面而不是释放它们即可。