Commit 5c52607c authored Mar 04, 2026 by Guenter Roeck Committed by Herbert Xu Mar 14, 2026

crypto: ccp - Fix leaking the same page twice



Commit 55112014 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is
missed") fixed a case where SNP is left in INIT state if page reclaim
fails. It removes the transition to the INIT state for this command and
adjusts the page state management.

While doing this, it added a call to snp_leak_pages() after a call to
snp_reclaim_pages() failed. Since snp_reclaim_pages() already calls
snp_leak_pages() internally on the pages it fails to reclaim, calling
it again leaks the exact same page twice.

Fix by removing the extra call to snp_leak_pages().

The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.

Assisted-by: Gemini:gemini-3.1-pro
Fixes: 55112014 ("crypto: ccp - Fix a case where SNP_SHUTDOWN is missed")
Cc: Tycho Andersen (AMD) <tycho@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Tycho Andersen (AMD) <tycho@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

parent d240b079

drivers/crypto/ccp/sev-dev.c

+1 −3

Original line number	Diff line number	Diff line
		@@ -2408,11 +2408,9 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
		* in Firmware state on failure. Use snp_reclaim_pages() to
		* transition either case back to Hypervisor-owned state.
		*/
		if (snp_reclaim_pages(__pa(data), 1, true)) {
		snp_leak_pages(__page_to_pfn(status_page), 1);
		if (snp_reclaim_pages(__pa(data), 1, true))
		return -EFAULT;
		}
		}

		if (ret)
		goto cleanup;