tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: ccp - Fix leaking the same page twice

Commit 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
missed") fixed a case where SNP is left in INIT state if page reclaim
fails. It removes the transition to the INIT state for this command and
adjusts the page state management.

While doing this, it added a call to snp_leak_pages() after a call to
snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
snp_leak_pages() internally on the pages it fails to reclaim, calling
it again leaks the exact same page twice.

Fix by removing the extra call to snp_leak_pages().

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

Assisted-by: Gemini:gemini-3.1-pro
Fixes: 551120148b67 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is missed")
Cc: Tycho Andersen (AMD) <tycho@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Tycho Andersen (AMD) <tycho@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Guenter Roeck and committed by
Herbert Xu 5c52607c d240b079

+1 -3
+1 -3
drivers/crypto/ccp/sev-dev.c
··· 2408 2408 * in Firmware state on failure. Use snp_reclaim_pages() to 2409 2409 * transition either case back to Hypervisor-owned state. 2410 2410 */ 2411 - if (snp_reclaim_pages(__pa(data), 1, true)) { 2412 - snp_leak_pages(__page_to_pfn(status_page), 1); 2411 + if (snp_reclaim_pages(__pa(data), 1, true)) 2413 2412 return -EFAULT; 2414 - } 2415 2413 } 2416 2414 2417 2415 if (ret)