Re: [PATCH v2 3/4] crypto: ccp: Fix possible deadlock in SEV init failure path
From: Tom Lendacky
Date: Tue Jun 02 2026 - 11:22:06 EST
On 6/1/26 18:04, Atish Patra wrote:
> From: Atish Patra <atishp@xxxxxxxx>
>
> __sev_platform_init_handle_init_ex_path() called
s/called/calls/
> rmp_mark_pages_firmware() with locked=false but while the parent
s/but//
> function of init_ex_path already acquired the sev_cmd_mutex.
> In case of a rmpupdate failure for any page after the first, the cleanup
s/In case/In the case/
s/a rmpupdate/an RMPUPDATE/
> path would invoke reclaim pages which would result in a deadlock in
> sev_do_cmd.
>
> Pass locked=true to honor the lock status of the parent function.
>
> Fixes: 7364a6fbca45 ("crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled")
>
> Reported-by: Chris Mason <clm@xxxxxxxx>
> Assisted-by: Claude:claude-opus-4-6
> Signed-off-by: Atish Patra <atishp@xxxxxxxx>
Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> ---
> drivers/crypto/ccp/sev-dev.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index d1e9e0ac63b6..3d4793e8e34b 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -1557,7 +1557,7 @@ static int __sev_platform_init_handle_init_ex_path(struct sev_device *sev)
> unsigned long npages;
>
> npages = 1UL << get_order(NV_LENGTH);
> - if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, false)) {
> + if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, true)) {
> dev_err(sev->dev, "SEV: INIT_EX NV memory page state change failed.\n");
> return -ENOMEM;
> }
>