Re: [PATCH Part1 v5 34/38] x86/sev: Add snp_msg_seqno() helper

From: Brijesh Singh
Date: Thu Sep 09 2021 - 12:17:17 EST

On 9/9/21 10:43 AM, Peter Gonda wrote:

Does this address your concern?

So the 'snp_msg_seqno()' call in 'enc_payload' will not increment the
counter, it's only incremented on 'snp_gen_msg_seqno()'? If that's
correct, that addresses my first concern.

Yes, that is the goal.

So far, the only user for the snp_msg_seqno() is the attestation driver.
And the driver is designed to serialize the vmgexit request and thus we
should not run into a concurrency issue.

That seems a little dangerous as any module new code or out-of-tree
module could use this function thus revealing this race condition
right? Could we at least have a comment on these functions
(snp_msg_seqno and snp_gen_msg_seqno) noting this?

Yes, if the driver is not performing the serialization then we will get into a race condition.

One way to avoid this requirement is to do all the crypto inside the snp_issue_guest_request() and eliminate the need to export the snp_msg_seqno().

I will add the comment about it in the function.
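
The race discussed in this thread, as an added user-space C model that is not part of the patch or of either message. The `model_*` names, the starting counter value and the hand-interleaved callers are assumptions made for illustration; only the split between a read-only helper and an incrementing helper comes from the thread.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; model_* names are hypothetical, not kernel code. */
static uint64_t msg_seqno;              /* shared message counter */
static pthread_mutex_t req_lock = PTHREAD_MUTEX_INITIALIZER;
static uint64_t used[4];                /* seqno each request was sent with */
static int nused;

/* Models snp_msg_seqno() as described in the thread: read, no increment. */
static uint64_t model_msg_seqno(void) { return msg_seqno; }
/* Models snp_gen_msg_seqno(): the only place the counter advances. */
static void model_gen_msg_seqno(void) { msg_seqno++; }
/* Stand-in for "protect the payload with seqno and issue the request". */
static void model_send(uint64_t seqno) { used[nused++] = seqno; }

/* Callers A and B without serialization, interleaved by hand so the race
 * is deterministic: both read the counter before either advances it. */
static int unserialized_reuses_seqno(void)
{
    msg_seqno = 1; nused = 0;           /* constructed starting state */
    uint64_t a = model_msg_seqno();     /* caller A reads */
    uint64_t b = model_msg_seqno();     /* caller B reads the same value */
    model_send(a); model_gen_msg_seqno();
    model_send(b); model_gen_msg_seqno();
    return used[0] == used[1];          /* 1: two requests share a seqno */
}

/* Read, use and advance inside one critical section, so no caller can
 * observe the counter between the read and the increment. */
static void model_issue_request(void)
{
    pthread_mutex_lock(&req_lock);
    model_send(model_msg_seqno());
    model_gen_msg_seqno();
    pthread_mutex_unlock(&req_lock);
}

static int serialized_reuses_seqno(void)
{
    msg_seqno = 1; nused = 0;
    model_issue_request(); model_issue_request();
    return used[0] == used[1];          /* 0: each request gets its own seqno */
}

int main(void)
{
    printf("reuse: %d unserialized, %d serialized\n", unserialized_reuses_seqno(), serialized_reuses_seqno());
    return 0;
}
```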