Re: [PATCH] crypto: ccp: Fix SNP range list bounds check

Next message: Christian Brauner: "[GIT PULL 11/16 for v7.2] vfs bh"
Previous message: Rob Herring: "Re: [PATCH v6 1/3] dt-bindings: imx6q-pcie: Add optional intr/aer/pme interrupts for i.MX95"
In reply to: Tom Lendacky: "Re: [PATCH] crypto: ccp: Fix SNP range list bounds check"
Next in thread: Jarkko Sakkinen: "Re: [PATCH] crypto: ccp: Fix SNP range list bounds check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tycho Andersen

Date: Fri Jun 12 2026 - 11:19:18 EST

On Fri, Jun 12, 2026 at 05:25:25PM +0800, ZongYao.Chen@xxxxxxxxxxxxxxxxx wrote:
> From: Zongyao Chen <ZongYao.Chen@xxxxxxxxxxxxxxxxx>
>
> snp_filter_reserved_mem_regions() checks the range list size before
> adding a new entry. If the page-sized SNP_INIT_EX buffer is already
> full, the next matching resource can still write one entry past the end
> of the buffer.
>
> Check that there is room for the next entry before appending it, and
> compute the next entry pointer only after the bounds check.

> Fixes: 1ca5614b84ee ("crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Zongyao Chen <ZongYao.Chen@xxxxxxxxxxxxxxxxx>

I believe there is a version of this in the crypto tree already as
1b864b6cb213 ("crypto: ccp - Fix snp_filter_reserved_mem_regions()
off-by-one").

Thanks,

Tycho