* [PATCH] crypto: ccp - Fix leaking the same page twice
@ 2026-03-04 20:39 Guenter Roeck
From: Guenter Roeck @ 2026-03-04 20:39 UTC
To: Ashish Kalra
Cc: John Allen, Herbert Xu, David S . Miller, linux-crypto,
linux-kernel, Guenter Roeck, Tycho Andersen, Tom Lendacky

Commit 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
missed") fixed a case where SNP is left in INIT state if page reclaim
fails. It removes the transition to the INIT state for this command and
adjusts the page state management.

While doing this, it added a call to snp_leak_pages() after a call to
snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
snp_leak_pages() internally on the pages it fails to reclaim, calling
it again leaks the exact same page twice.

Fix by removing the extra call to snp_leak_pages().

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

Assisted-by: Gemini:gemini-3.1-pro
Fixes: 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is missed")
Cc: Tycho Andersen (AMD) <tycho@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
---
drivers/crypto/ccp/sev-dev.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 096f993974d1..bd31ebfc85d5 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -2410,10 +2410,8 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
* in Firmware state on failure. Use snp_reclaim_pages() to
* transition either case back to Hypervisor-owned state.
*/
- if (snp_reclaim_pages(__pa(data), 1, true)) {
- snp_leak_pages(__page_to_pfn(status_page), 1);
+ if (snp_reclaim_pages(__pa(data), 1, true))
return -EFAULT;
- }
}
if (ret)
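Review bot: The comment above the `snp_reclaim_pages(__pa(data), 1, true)` call still only says the helper transitions the page back to Hypervisor-owned state, so with the explicit `snp_leak_pages()` call removed nothing at this site records that the page is leaked inside snp_reclaim_pages() when reclaim fails, which is what the commit message relies on. Consider adding a sentence to that comment saying the helper leaks the page on failure and that the early `return -EFAULT` must not leak or free it again, so a later change does not re-add the call.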
--
2.45.2
* Re: [PATCH] crypto: ccp - Fix leaking the same page twice
From: Tom Lendacky @ 2026-03-04 20:50 UTC
To: Guenter Roeck, Ashish Kalra
Cc: John Allen, Herbert Xu, David S . Miller, linux-crypto,
linux-kernel, Tycho Andersen
On 3/4/26 14:39, Guenter Roeck wrote:
> Commit 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
> missed") fixed a case where SNP is left in INIT state if page reclaim
> fails. It removes the transition to the INIT state for this command and
> adjusts the page state management.
>
> While doing this, it added a call to snp_leak_pages() after a call to
> snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
> snp_leak_pages() internally on the pages it fails to reclaim, calling
> it again leaks the exact same page twice.
>
> Fix by removing the extra call to snp_leak_pages().
>
> The problem was found by an experimental code review agent based on
> gemini-3.1-pro while reviewing backports into v6.18.y.
>
> Assisted-by: Gemini:gemini-3.1-pro
> Fixes: 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is missed")
> Cc: Tycho Andersen (AMD) <tycho@kernel.org>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> drivers/crypto/ccp/sev-dev.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 096f993974d1..bd31ebfc85d5 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -2410,10 +2410,8 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
> * in Firmware state on failure. Use snp_reclaim_pages() to
> * transition either case back to Hypervisor-owned state.
> */
> - if (snp_reclaim_pages(__pa(data), 1, true)) {
> - snp_leak_pages(__page_to_pfn(status_page), 1);
> + if (snp_reclaim_pages(__pa(data), 1, true))
> return -EFAULT;
> - }
> }
>
> if (ret)
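Review bot: The removed `snp_leak_pages(__page_to_pfn(status_page), 1)` names the page through `status_page`, while the retained `snp_reclaim_pages(__pa(data), 1, true)` names it through `data`, and the hunk does not show how the two relate, which the "same page twice" argument depends on. A short statement in the commit message of how `data` relates to `status_page` would make the fix checkable from the patch alone.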
* Re: [PATCH] crypto: ccp - Fix leaking the same page twice
From: Tycho Andersen @ 2026-03-04 22:03 UTC
To: Guenter Roeck
Cc: Ashish Kalra, John Allen, Herbert Xu, David S . Miller,
linux-crypto, linux-kernel, Tom Lendacky
On Wed, Mar 04, 2026 at 12:39:34PM -0800, Guenter Roeck wrote:
> Commit 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
> missed") fixed a case where SNP is left in INIT state if page reclaim
> fails. It removes the transition to the INIT state for this command and
> adjusts the page state management.
>
> While doing this, it added a call to snp_leak_pages() after a call to
> snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
> snp_leak_pages() internally on the pages it fails to reclaim, calling
> it again leaks the exact same page twice.
>
> Fix by removing the extra call to snp_leak_pages().
Reviewed-by: Tycho Andersen (AMD) <tycho@kernel.org>
* Re: [PATCH] crypto: ccp - Fix leaking the same page twice
From: Herbert Xu @ 2026-03-14 5:15 UTC
To: Guenter Roeck
Cc: Ashish Kalra, John Allen, David S . Miller, linux-crypto,
linux-kernel, Tycho Andersen, Tom Lendacky
On Wed, Mar 04, 2026 at 12:39:34PM -0800, Guenter Roeck wrote:
> Commit 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
> missed") fixed a case where SNP is left in INIT state if page reclaim
> fails. It removes the transition to the INIT state for this command and
> adjusts the page state management.
>
> While doing this, it added a call to snp_leak_pages() after a call to
> snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
> snp_leak_pages() internally on the pages it fails to reclaim, calling
> it again leaks the exact same page twice.
>
> Fix by removing the extra call to snp_leak_pages().
>
> The problem was found by an experimental code review agent based on
> gemini-3.1-pro while reviewing backports into v6.18.y.
>
> Assisted-by: Gemini:gemini-3.1-pro
> Fixes: 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is missed")
> Cc: Tycho Andersen (AMD) <tycho@kernel.org>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
> ---
> drivers/crypto/ccp/sev-dev.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt