From: "Mario Limonciello (AMD)" <superm1@kernel.org>
To: "Tom Lendacky" <thomas.lendacky@amd.com>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Shyam Sundar S K" <Shyam-sundar.S-k@amd.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
Cc: John Allen <john.allen@amd.com>,
"David S . Miller" <davem@davemloft.net>,
Hans de Goede <hansg@kernel.org>,
linux-crypto@vger.kernel.org (open list:AMD CRYPTOGRAPHIC
COPROCESSOR (CCP) DRIVER),
platform-driver-x86@vger.kernel.org (open list:AMD PMF DRIVER),
Lars Francke <lars.francke@gmail.com>,
Mario Limonciello <superm1@kernel.org>
Subject: [PATCH v2 4/4] crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails
Date: Thu, 11 Dec 2025 15:28:47 -0600 [thread overview]
Message-ID: <20251211212847.11980-5-superm1@kernel.org> (raw)
In-Reply-To: <20251211212847.11980-1-superm1@kernel.org>
The hibernate resume sequence involves loading a resume kernel that is
just used for loading the hibernate image before shifting back to the
existing kernel.
During that hibernate resume sequence the resume kernel may have loaded
the ccp driver. If this happens the resume kernel will also have called
PSP_CMD_TEE_RING_INIT but it will never have called
PSP_CMD_TEE_RING_DESTROY.
This is problematic because the existing kernel needs to re-initialize the
ring. One could argue that the existing kernel should call destroy
as part of restore() but there is no guarantee that the resume kernel did
or didn't load the ccp driver. There is also no callback opportunity for
the resume kernel to destroy before handing back control to the existing
kernel.
Similar problems could potentially exist with the use of kdump and
crash handling. I actually reproduced this issue like this:
1) rmmod ccp
2) hibernate the system
3) resume the system
4) modprobe ccp
The resume kernel will have loaded ccp but never destroyed and then when
I try to modprobe it fails.
Because of these possible cases add a flow that checks the error code from
the PSP_CMD_TEE_RING_INIT call and tries to call PSP_CMD_TEE_RING_DESTROY
if it failed. If this succeeds then call PSP_CMD_TEE_RING_INIT again.
Signed-off-by: Mario Limonciello (AMD) <superm1@kernel.org>
---
drivers/crypto/ccp/tee-dev.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/crypto/ccp/tee-dev.c b/drivers/crypto/ccp/tee-dev.c
index 11c4b05e2f3a..34096cb6ebdc 100644
--- a/drivers/crypto/ccp/tee-dev.c
+++ b/drivers/crypto/ccp/tee-dev.c
@@ -90,6 +90,7 @@ static int tee_init_ring(struct psp_tee_device *tee)
{
int ring_size = MAX_RING_BUFFER_ENTRIES * sizeof(struct tee_ring_cmd);
struct tee_init_ring_cmd *cmd;
+ bool retry = false;
unsigned int reg;
int ret;
@@ -112,6 +113,7 @@ static int tee_init_ring(struct psp_tee_device *tee)
/* Send command buffer details to Trusted OS by writing to
* CPU-PSP message registers
*/
+init:
ret = psp_mailbox_command(tee->psp, PSP_CMD_TEE_RING_INIT, cmd,
TEE_DEFAULT_CMD_TIMEOUT, ®);
if (ret) {
@@ -122,6 +124,15 @@ static int tee_init_ring(struct psp_tee_device *tee)
}
if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
+ if (!retry && FIELD_GET(PSP_CMDRESP_STS, reg) == 0x0000000d) {
+ dev_dbg(tee->dev, "tee: ring init command failed with busy status, retrying\n");
+ ret = psp_mailbox_command(tee->psp, PSP_CMD_TEE_RING_DESTROY, NULL,
+ TEE_DEFAULT_CMD_TIMEOUT, ®);
+ if (!ret) {
+ retry = true;
+ goto init;
+ }
+ }
dev_err(tee->dev, "tee: ring init command failed (%#010lx)\n",
FIELD_GET(PSP_CMDRESP_STS, reg));
tee_free_ring(tee);
--
2.51.2
next prev parent reply other threads:[~2025-12-11 21:28 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-11 21:28 [PATCH v2 0/4] Fixes for PMF and CCP drivers after S4 Mario Limonciello (AMD)
2025-12-11 21:28 ` [PATCH v2 1/4] platform/x86/amd/pmf: Prevent TEE errors after hibernate Mario Limonciello (AMD)
2025-12-11 21:28 ` [PATCH v2 2/4] crypto: ccp - Declare PSP dead if PSP_CMD_TEE_RING_INIT fails Mario Limonciello (AMD)
2025-12-11 21:28 ` [PATCH v2 3/4] crypto: ccp - Add an S4 restore flow Mario Limonciello (AMD)
2025-12-11 22:03 ` Tom Lendacky
2025-12-11 21:28 ` Mario Limonciello (AMD) [this message]
2025-12-11 22:21 ` [PATCH v2 4/4] crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails Tom Lendacky
2025-12-13 19:05 ` Shyam Sundar S K
2025-12-11 22:23 ` [PATCH v2 0/4] Fixes for PMF and CCP drivers after S4 Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251211212847.11980-5-superm1@kernel.org \
--to=superm1@kernel.org \
--cc=Shyam-sundar.S-k@amd.com \
--cc=davem@davemloft.net \
--cc=hansg@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=john.allen@amd.com \
--cc=lars.francke@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=platform-driver-x86@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).