Re: [PATCH V4] virt: sev: Prevent IV reuse in SNP guest driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 16, 2022 at 10:10:58AM -0700, Peter Gonda wrote:
> I think another comment above the first snp_issue_guest_request()
> could help too. Saying once we call this function we either need to
> increment the sequence number or wipe the VMPCK to ensure the
> encryption scheme is safe.

And make that explicit pls:

        /*
         * If the extended guest request fails due to having to small of a
         * certificate data buffer retry the same guest request without the
         * extended data request...

	 ... in order to not have to reuse the IV.


I have to admit, the flow in that function is still not optimal but I
haven't stared at it long enough to have a better idea...

Thx.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux