From nobody Mon Jun 8 05:28:17 2026 Received: from out-172.mta1.migadu.com (out-172.mta1.migadu.com [95.215.58.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E1B926B971 for ; Mon, 1 Jun 2026 23:04:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355094; cv=none; b=UnddvlnOtqLpqd66lFso+/SighiYtaZEbo79KSi1+M1rba7Tdc/8nDCRsfGzFqkANezenNQA9hxjmRUqQn+HZhldReL9uIE04TzoIrutHXKfXZRWdV3oNxJeVJ1hjw19RwLsjuS3DT/HQobb1yyiyYWtiXQisvv7TaMPXDPxYko= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355094; c=relaxed/simple; bh=Uzh9aoY+3BR7q/Cka+rhzBuUGwNlpyblwx+0tJWMaGw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=qnYihMbUwVbfJfR1ScCal/utnZ/PKDjhonh+jjZUAK2GCc1AW/hdbAB9JKvsyA0tZfqBO2qHEeIgj2R+tx4kYOrrJdP6qHXpe7xeR4J6UlB7eUNwYCviMUbQgNGl7MGaHIIBdGZI0fgER4x6pNPUMX1DfFiqR27yFi7SL/zCSjs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=xpLKQ578; arc=none smtp.client-ip=95.215.58.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="xpLKQ578" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1780355091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8Bvf4Jr5d3UMYOq7tmej32Y+RUqc/jpd+AKbJsTaXNA=; b=xpLKQ578EbaZaVFXeAjzTTqxwYu+dyhFf8q9GaNW7MKWVZ3oLc15Z34gorh1Ed/TFAQSDr p7AFal87GfHKFUcmt/aWldBWzS2De9yvdmiGFO4PGSvKUnLa+46i2Cmt9ijwFKF7V2kG7L mLDqujed1hTxvjhql3+sWx/QVsWD9lE= From: Atish Patra Date: Mon, 01 Jun 2026 16:04:35 -0700 Subject: [PATCH v2 1/4] KVM: SEV: Do not allow intra-host migration/mirroring of SNP VMs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-sev_snp_fixes-v2-1-611891b28a86@meta.com> References: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> In-Reply-To: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> To: Sean Christopherson , Paolo Bonzini , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Tom Lendacky , Peter Gonda , Brijesh Singh , Youngjae Lee , Ashish Kalra , Michael Roth , John Allen , Herbert Xu Cc: clm@meta.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org, Atish Patra , Sashiko X-Migadu-Flow: FLOW_OUT From: Atish Patra The intra-host migration/mirroring feature is not fully implemented for SEV-SNP VMs. The proper migration requires additional SNP-specific state such as guest_req_mutex, guest_req_buf, and guest_resp_buf to be transferred or initialized on the destination. The SNP VM mirroring requires vmsa features to be copied as well otherwise ASID would be bound to SNP range while VM is detected as a SEV VM. Reject SNP source VMs in migration/mirroring until proper SNP state transfer is implemented. Fixes: 0b020f5af092 ("KVM: SEV: Add support for SEV-ES intra host migration= ") Reported-by: Chris Mason Reported-by: Sashiko Assisted-by: Claude:claude-opus-4-6 Signed-off-by: Atish Patra Reviewed-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2126b3c3072..e6ad6af128c9 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2142,7 +2142,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, uns= igned int source_fd) return ret; =20 if (kvm->arch.vm_type !=3D source_kvm->arch.vm_type || - sev_guest(kvm) || !sev_guest(source_kvm)) { + sev_guest(kvm) || !sev_guest(source_kvm) || + sev_snp_guest(source_kvm)) { ret =3D -EINVAL; goto out_unlock; } @@ -2865,6 +2866,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, uns= igned int source_fd) * created after SEV/SEV-ES initialization, e.g. to init intercepts. */ if (sev_guest(kvm) || !sev_guest(source_kvm) || + sev_snp_guest(source_kvm) || is_mirroring_enc_context(source_kvm) || kvm->created_vcpus) { ret =3D -EINVAL; goto e_unlock; --=20 2.53.0-Meta From nobody Mon Jun 8 05:28:17 2026 Received: from out-178.mta0.migadu.com (out-178.mta0.migadu.com [91.218.175.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D99D371CEA for ; Mon, 1 Jun 2026 23:05:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355111; cv=none; b=oSCREsg4DRdiRDh2950uTR6U4R7jrg2pc8isSZqivVAkG8WOfgYnLhFwRD17nb70uVjkPeVHR2QC0gqWXPKvW1HzMYvChiu40ZTm89gBs+OY9Tp+Msb56Cdnxlbmm8V/6ggj9qeEFaQPc4smfs5Mbsea9tbQsOhHJDaHYaqAdks= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355111; c=relaxed/simple; bh=hJHj9af2b4aGE8hdvzxfH1HNHgYHgZ+5YN6mW3BKutM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=XT1x95NbXVrwV5+ohWYAuKliGd/CkQoIIsNP+CNPh/AIVfJW4DVTY94EKHW8R4NguRZfjBUTyZ7KeungfAZtg+n8mHP5caJVby/kQ3jnKdEFlrZ8absIYFY4C08uWr9rp0QO745lhiRr8Kov0i+E6gdOtNkFbgJK5V8CI0yT2zI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=qnjQcJzB; arc=none smtp.client-ip=91.218.175.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="qnjQcJzB" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1780355095; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qwUuu9T1lQ6cMXR7h0uQbhUHWqF4ALjjRwoKhkOobCI=; b=qnjQcJzBDplitgIuS7VGI6YF4Pnt9EdJo2Pdv8ZVwwdiRFVS2K0G/jaUvML8Oq8KgeS8pp M7NY93KV/1PS1rMM84FfgISTrLy/KCNvi88cPN6nW31FDifd26UKPAbs3TqM/pSyXPH153 w4N7VuG9JlRIxwdYQIntFr3DVzURs5E= From: Atish Patra Date: Mon, 01 Jun 2026 16:04:36 -0700 Subject: [PATCH v2 2/4] KVM: selftests: Verify SNP VMs are rejected from migration and mirroring Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-sev_snp_fixes-v2-2-611891b28a86@meta.com> References: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> In-Reply-To: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> To: Sean Christopherson , Paolo Bonzini , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Tom Lendacky , Peter Gonda , Brijesh Singh , Youngjae Lee , Ashish Kalra , Michael Roth , John Allen , Herbert Xu Cc: clm@meta.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org, Atish Patra X-Migadu-Flow: FLOW_OUT From: Atish Patra Migration and mirroring of SEV-SNP VMs are not supported yet. Add two selftests that verify KVM rejects intra-host migration and mirroring when the source VM is an SNP VM, so the restriction stays enforced until proper SNP state transfer is implemented. Signed-off-by: Atish Patra --- .../testing/selftests/kvm/x86/sev_migrate_tests.c | 47 ++++++++++++++++++= ++++ 1 file changed, 47 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c b/tools/te= sting/selftests/kvm/x86/sev_migrate_tests.c index 6b0928e69051..acef6ab26d3d 100644 --- a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86/sev_migrate_tests.c @@ -313,6 +313,49 @@ static void test_sev_mirror_parameters(void) kvm_vm_free(vm_no_vcpu); } =20 +static void test_sev_snp_migrate_reject(void) +{ + struct kvm_vm *src_vm, *dst_vm; + int ret; + + src_vm =3D vm_create_barebones_type(KVM_X86_SNP_VM); + snp_vm_init(src_vm); + __vm_vcpu_add(src_vm, 0); + vm_sev_launch(src_vm, snp_default_policy(), NULL); + + dst_vm =3D vm_create_barebones_type(KVM_X86_SNP_VM); + __vm_vcpu_add(dst_vm, 0); + + ret =3D __sev_migrate_from(dst_vm, src_vm); + TEST_ASSERT(ret =3D=3D -1 && errno =3D=3D EINVAL, + "SNP VM migration should be rejected. ret: %d, errno: %d", + ret, errno); + + kvm_vm_free(src_vm); + kvm_vm_free(dst_vm); +} + +static void test_sev_snp_mirror_reject(void) +{ + struct kvm_vm *src_vm, *dst_vm; + int ret; + + src_vm =3D vm_create_barebones_type(KVM_X86_SNP_VM); + snp_vm_init(src_vm); + __vm_vcpu_add(src_vm, 0); + vm_sev_launch(src_vm, snp_default_policy(), NULL); + + dst_vm =3D aux_vm_create(false); + + ret =3D __sev_mirror_create(dst_vm, src_vm); + TEST_ASSERT(ret =3D=3D -1 && errno =3D=3D EINVAL, + "SNP VM mirroring should be rejected. ret: %d, errno: %d", + ret, errno); + + kvm_vm_free(src_vm); + kvm_vm_free(dst_vm); +} + static void test_sev_move_copy(void) { struct kvm_vm *dst_vm, *dst2_vm, *dst3_vm, *sev_vm, *mirror_vm, @@ -384,12 +427,16 @@ int main(int argc, char *argv[]) test_sev_migrate_parameters(); if (kvm_has_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) test_sev_move_copy(); + if (kvm_cpu_has(X86_FEATURE_SEV_SNP)) + test_sev_snp_migrate_reject(); } if (kvm_has_cap(KVM_CAP_VM_COPY_ENC_CONTEXT_FROM)) { test_sev_mirror(/* es=3D */ false); if (have_sev_es) test_sev_mirror(/* es=3D */ true); test_sev_mirror_parameters(); + if (kvm_cpu_has(X86_FEATURE_SEV_SNP)) + test_sev_snp_mirror_reject(); } return 0; } --=20 2.53.0-Meta From nobody Mon Jun 8 05:28:17 2026 Received: from out-172.mta0.migadu.com (out-172.mta0.migadu.com [91.218.175.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AABED36E46E for ; Mon, 1 Jun 2026 23:05:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355103; cv=none; b=CuRsg08uoJ6sZTuunVbMUnmyfhCz0E3lFGvS6VYKBNZ7WIgtmS7Fj77nK3Y/hxZDuHt5Zc4iDHLXqHwUiGezQINcSvmXasMCxaNZkd1dNn+S+d6R4ZLxma+KW8zAshPKfB7dsoE/qnK3zw0E7lTR2yNTN7q7jjW11jgvjQnh7G4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355103; c=relaxed/simple; bh=bVPsmHC32xMRnbCUQzo2sQikrGCF693UprcC5PbkroU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ApkO0y28rf369e1WI0BivtEXztthThyTIP99PARtVWRR3ujQpbEweczjNgtNmOWDS/Ot4fl1LQrMSA0QJdYk356cjdl6f3f/jWckT1b1xZ+PT2T2XixhfmcEW06RIiXJCLW7BNHkv8HqtV3VNJ/LZ5k9BkPs8amMY/bPwrStPcE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=Pxo7gb14; arc=none smtp.client-ip=91.218.175.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="Pxo7gb14" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1780355099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ee5LGH1mkBrJOdssFnEtVdpG6R6AtAmt3hnR2uiZ+kU=; b=Pxo7gb14u7uOLz1Y0FCkQxiXki+1pmMfjLXzJszg5UslRDvTodrpHNNb2+Lw/HjDlVEz+D 5N3t8cHdP1cd6hsNaMZFgtImsNbE1Gon8qjLDx8Fa7CdUSl/u15ETsrasdHxS2LjfdSAd9 1tAZyJtU8BfQ1BykPjDnyhNVRhyvISo= From: Atish Patra Date: Mon, 01 Jun 2026 16:04:37 -0700 Subject: [PATCH v2 3/4] crypto: ccp: Fix possible deadlock in SEV init failure path Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-sev_snp_fixes-v2-3-611891b28a86@meta.com> References: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> In-Reply-To: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> To: Sean Christopherson , Paolo Bonzini , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Tom Lendacky , Peter Gonda , Brijesh Singh , Youngjae Lee , Ashish Kalra , Michael Roth , John Allen , Herbert Xu Cc: clm@meta.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org, Atish Patra X-Migadu-Flow: FLOW_OUT From: Atish Patra __sev_platform_init_handle_init_ex_path() called rmp_mark_pages_firmware() with locked=3Dfalse but while the parent function of init_ex_path already acquired the sev_cmd_mutex. In case of a rmpupdate failure for any page after the first, the cleanup path would invoke reclaim pages which would result in a deadlock in sev_do_cmd. Pass locked=3Dtrue to honor the lock status of the parent function. Fixes: 7364a6fbca45 ("crypto: ccp: Handle non-volatile INIT_EX data when SN= P is enabled") Reported-by: Chris Mason Assisted-by: Claude:claude-opus-4-6 Signed-off-by: Atish Patra Reviewed-by: Tom Lendacky --- drivers/crypto/ccp/sev-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index d1e9e0ac63b6..3d4793e8e34b 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1557,7 +1557,7 @@ static int __sev_platform_init_handle_init_ex_path(st= ruct sev_device *sev) unsigned long npages; =20 npages =3D 1UL << get_order(NV_LENGTH); - if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, false)) { + if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, true)) { dev_err(sev->dev, "SEV: INIT_EX NV memory page state change failed.\n"); return -ENOMEM; } --=20 2.53.0-Meta From nobody Mon Jun 8 05:28:17 2026 Received: from out-182.mta1.migadu.com (out-182.mta1.migadu.com [95.215.58.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36DF43655F7 for ; Mon, 1 Jun 2026 23:05:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355112; cv=none; b=FrBmwEeoLhL/mQAMzQ3JZj/xRClvofF88iPGDDckMFAQICj21vDFLJr5VtJm1tp9cVKmfwZRV/1EX1aPSFo/OLzARBklJZ3VbGTJpfSvXkvy+ModZStbl6TgyerXdFN8G9beMaL4N9ybks3dVpQYGwbOY3VWgAnsL4nM8s7mOF4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1780355112; c=relaxed/simple; bh=yBBNAHqeZj0yiEVQo2C2bFNBe2fJ1AMu/zDl1C0BFZE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=nfms75g8v6WpRUHXaTfFOtJNDfX5qOrUyoEGuJ3zP/560c3rD8vukSlHYiqjKRX4N5FSJAa03MmM+z6LSso6qMkmD6KChqr2lSNBWwbaws7pIRDTLGCGK62OholKGdctw6dXT+jubre3pFOT9jKMWIcXDdHKT03nNyTHkEErFQk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=pj91PvV1; arc=none smtp.client-ip=95.215.58.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="pj91PvV1" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1780355109; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FD4N0HbKLWVq/NAJ+NnEjLSsyGj1uFnK4ULSwpaY3Y0=; b=pj91PvV1cVjFcCE77aVCey+4+FKCJdufWf/K6N24g9FsMXJY461BZaWWyvnEEJtjGcBP7J MWQ1EpYNd0i2PsMf37at8DVxErFArvg6gwqcaOXcPi2hQinJX6YBY9J+FSSXZKxbswD2h8 dwxqxCUs3rlJ9O6chgry5wRQaSVJzBA= From: Atish Patra Date: Mon, 01 Jun 2026 16:04:38 -0700 Subject: [PATCH v2 4/4] crypto: ccp: Fix memory leak in SEV INIT_EX path Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260601-sev_snp_fixes-v2-4-611891b28a86@meta.com> References: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> In-Reply-To: <20260601-sev_snp_fixes-v2-0-611891b28a86@meta.com> To: Sean Christopherson , Paolo Bonzini , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Tom Lendacky , Peter Gonda , Brijesh Singh , Youngjae Lee , Ashish Kalra , Michael Roth , John Allen , Herbert Xu Cc: clm@meta.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, stable@vger.kernel.org, Atish Patra , Sashiko X-Migadu-Flow: FLOW_OUT From: Atish Patra allocated pages in _init_ext_path are never freed and sev_init_ex_buffer is left pointing at the leaked memory in case of any failures during the function.. Fix by adding an error path that frees the pages and clears sev_init_ex_buffer. Make sure we only free the memory if the failure happens before the conversion. Otherwise, we may end up trying to free up converted pages in case of reclaim failure. rmp_mark_pages_firmware failures should be rare enough to avoid more code complexity to track down which pages were reclaimed/leaked vs which are not. Fixes: 7364a6fbca45 ("crypto: ccp: Handle non-volatile INIT_EX data when SN= P is enabled") Reported-by: Sashiko Signed-off-by: Atish Patra Reviewed-by: Tom Lendacky --- drivers/crypto/ccp/sev-dev.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 3d4793e8e34b..8566f164430b 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1550,7 +1550,7 @@ static int __sev_platform_init_handle_init_ex_path(st= ruct sev_device *sev) =20 rc =3D sev_read_init_ex_file(); if (rc) - return rc; + goto err_free; =20 /* If SEV-SNP is initialized, transition to firmware page. */ if (sev->snp_initialized) { @@ -1559,11 +1559,23 @@ static int __sev_platform_init_handle_init_ex_path(= struct sev_device *sev) npages =3D 1UL << get_order(NV_LENGTH); if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, true)) { dev_err(sev->dev, "SEV: INIT_EX NV memory page state change failed.\n"); - return -ENOMEM; + rc =3D -ENOMEM; + /* + * Don't free on conversion failure: the rollback may + * have left pages firmware-owned, and a high-order + * block can't be partially freed. + */ + goto err_reset; } } =20 return 0; + +err_free: + __free_pages(page, get_order(NV_LENGTH)); +err_reset: + sev_init_ex_buffer =3D NULL; + return rc; } =20 static int __sev_platform_init_locked(int *error) --=20 2.53.0-Meta