From: Tycho Andersen <tycho@kernel.org>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: "Pratik R. Sampat" <prsampat@amd.com>,
ashish.kalra@amd.com, john.allen@amd.com,
herbert@gondor.apana.org.au, davem@davemloft.net,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
aik@amd.com, nikunj@amd.com, michael.roth@amd.com
Subject: Re: [PATCH v3] crypto/ccp: Introduce SNP_VERIFY_MITIGATION command
Date: Thu, 21 May 2026 09:05:26 -0600 [thread overview]
Message-ID: <ag8c3v3GjWLWz-OS@tycho.pizza> (raw)
In-Reply-To: <b02682e5-8890-454a-ab75-fff1b6566922@amd.com>
On Thu, May 21, 2026 at 08:12:52AM -0500, Tom Lendacky wrote:
> > Now, with unregister no longer protected by sev_cmd_mutex, a concurrent init
> > can race with shutdown on the sysfs lifetime like so:
>
> Can it? Can init and shutdown race? Isn't that part of module load /
> unload, I'm not sure how they can race...
That's only true after
https://lore.kernel.org/all/20260504165147.1615643-5-tycho@kernel.org/
right? Before that, if the first init failed, you could trigger a
re-init via ioctl(), and presumably trigger the race sashiko is
complaining about by spamming ioctl() + sysfs writes on separate
threads.
> > t1 | t2
> > ---------------------------------- | ----------------------------------
> > sev_firmware_shutdown() | sev_platform_init()
> > unregister_verify_mitigation() | register_verify_mitigation()
> > sysfs_remove_group() | sysfs_create_group()
> >
> > Both sides touch sev->verify_mit without serialization. The same race also
> > exists for init vs init which is no longer covered by sev_cmd_mutex once
> > register moves outside it.
>
> I don't think you can have init vs init race, can you? This just all seems
> odd to me. Have you created all these race scenarios to test this out?
>
> Would putting the regsiter/unregister under the sev_cmd_mutex and then
> taking the sev_cmd_mutex upon entry to _show()/_store() fix all this?
> After obtaining the mutex in _show()/_store(), you check for
> sev->verify_mit and return an error if NULL. Then you can use the
> __sev_do_cmd_locked() to issue any commands.
As long as sysfs_remove_group() happens before
__sev_firmware_shutdown() it seems like it should be fine since sysfs
will do its own synchronization. IIUC we might not need this locking
at all assuming the above is applied?
Tycho
next prev parent reply other threads:[~2026-05-21 15:05 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-19 19:50 [PATCH v3] crypto/ccp: Introduce SNP_VERIFY_MITIGATION command Pratik R. Sampat
2026-05-19 19:57 ` Pratik R. Sampat
2026-05-20 16:46 ` Tycho Andersen
2026-05-20 18:27 ` kernel test robot
2026-05-20 20:22 ` Tom Lendacky
2026-05-21 2:10 ` Pratik R. Sampat
2026-05-21 13:12 ` Tom Lendacky
2026-05-21 15:05 ` Tycho Andersen [this message]
2026-05-21 20:04 ` Tom Lendacky
2026-05-22 1:58 ` Pratik R. Sampat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ag8c3v3GjWLWz-OS@tycho.pizza \
--to=tycho@kernel.org \
--cc=aik@amd.com \
--cc=ashish.kalra@amd.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=nikunj@amd.com \
--cc=prsampat@amd.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox