On Wed, Nov 16, 2022 at 12:02 PM Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:
>
> On 11/16/22 11:55, Peter Gonda wrote:
> > The AMD Secure Processor (ASP) and an SNP guest use a series of
> > AES-GCM keys called VMPCKs to communicate securely with each other.
> > The IV to this scheme is a sequence number that both the ASP and the
> > guest track. Currently this sequence number in a guest request must
> > exactly match the sequence number tracked by the ASP. This means that
> > if the guest sees an error from the host during a request it can only
> > retry that exact request or disable the VMPCK to prevent an IV reuse.
> > AES-GCM cannot tolerate IV reuse see: "Authentication Failures in NIST
> > version of GCM" - Antoine Joux et al.
> >
> > In order to address this make handle_guest_request() delete the VMPCK
> > on any non successful return. To allow userspace querying the cert_data
> > length make handle_guest_request() safe the number of pages required by
>
> s/safe/save/
>
> > the host, then handle_guest_request() retry the request without
>
> ... then have handle_guest_request() ...
>
> > requesting the extended data, then return the number of pages required
> > back to userspace.
> >
> > Fixes: fce96cf044308 ("virt: Add SEV-SNP guest driver")
> > Signed-off-by: Peter Gonda <pgonda@xxxxxxxxxx>
> > Reported-by: Peter Gonda <pgonda@xxxxxxxxxx>
>
> Just some nits on the commit message and comments below, otherwise
>
> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>

Thanks Tom. I'll update with all the feedback after Boris chimes in.
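
The retry-or-disable rule from the quoted commit message, as an added C model that is not part of this thread and is not the sev-guest driver's code. All names are hypothetical, the host's replies are scripted, and the assumptions that the IV is `seqno + 1` and that a completed exchange consumes two sequence numbers belong to the model; `iv_reused` is set when one IV ends up covering two different plaintexts.

```c
#include <stdint.h>
#include <string.h>
/* Simplified model with hypothetical names; not the sev-guest driver. */
enum host_rc { HOST_OK, HOST_INVALID_LEN, HOST_BUSY };
struct guest {
    uint8_t  vmpck[32];     /* AES-GCM key shared with the ASP */
    int      key_valid;
    int      wipe_on_error; /* 1 = policy from the commit message, 0 = naive */
    uint64_t seqno;         /* last sequence number consumed; IV = seqno + 1 */
    uint64_t last_iv;       /* bookkeeping: IV of the last encryption */
    uint32_t last_msg;      /* bookkeeping: plaintext id sealed under last_iv */
    int      iv_reused;     /* set if one IV ever covers two plaintexts */
};

/* Stand-in for AES-GCM sealing: records which IV covered which plaintext. */
static void seal(struct guest *g, uint32_t msg_id)
{
    uint64_t iv = g->seqno + 1;
    if (iv == g->last_iv && msg_id != g->last_msg)
        g->iv_reused = 1;
    g->last_iv = iv;
    g->last_msg = msg_id;
}

/* Returns 0 on success, -1 on failure, -2 when the certificate buffer was too
 * small (*npages holds the host's figure). rc[0] scripts the first reply, rc[1] the retry. */
int guest_request(struct guest *g, uint32_t msg_id, int want_certs,
                  const enum host_rc rc[2], unsigned host_pages, unsigned *npages)
{
    if (!g->key_valid)
        return -1;
    seal(g, msg_id);
    enum host_rc r = rc[0];
    int too_small = 0;
    if (want_certs && r == HOST_INVALID_LEN) {
        *npages = host_pages; /* save the size, then resend the same */
        too_small = 1;        /* ciphertext without the extended data */
        r = rc[1];
    }
    if (r != HOST_OK) {
        if (g->wipe_on_error) {   /* no further sealing under this key */
            memset(g->vmpck, 0, sizeof(g->vmpck));
            g->key_valid = 0;
        }
        return -1;
    }
    g->seqno += 2;                /* request and response each take one */
    return too_small ? -2 : 0;
}
```

With `wipe_on_error = 0`, a failed request followed by a different request seals a second plaintext under the same IV; with `wipe_on_error = 1` the second request is refused because the key is gone.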