Re: [PATCH v1 3/4] crypto/ccp: Do not initialize SNP for ioctl(SNP_VLEK_LOAD)

From: Tycho Andersen

Date: Wed Apr 29 2026 - 10:11:29 EST


On Tue, Apr 28, 2026 at 05:02:53PM -0500, Tom Lendacky wrote:
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > index 572f06368d4b..e8c3ac6d989a 100644
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -2481,9 +2481,8 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable)
> > {
> > struct sev_device *sev = psp_master->sev_data;
> > struct sev_user_data_snp_vlek_load input;
> > - bool shutdown_required = false;
> > - int ret, error;
> > void *blob;
> > + int ret;
> >
> > if (!argp->data)
> > return -EINVAL;
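Review bot: dropping `shutdown_required` and `error` removes the bookkeeping this function used to decide whether SNP was initialized here and had to be shut down on exit; the commit message should state explicitly that the ioctl now never initializes or shuts down SNP itself and instead requires the platform to already be initialized, since nothing in this hunk shows where the removed variables' users went. Minor style point: the new `int ret;` sits after `void *blob;`, so the declaration order is no longer grouped by type as it was before.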
> > @@ -2497,6 +2496,9 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable)
> > if (input.len != sizeof(input) || input.vlek_wrapped_version != 0)
> > return -EINVAL;
> >
> > + if (!sev->snp_initialized)
> > + return -EINVAL;
> > +
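Review bot: the `snp_initialized` check lands after copy_from_user() and the len/version validation, so a caller on an uninitialized platform still pays for the copy and the parsing before being rejected; hoisting the check above the copy avoids that. Returning -EINVAL here also makes this failure indistinguishable from the malformed-input rejections immediately above it (`input.len != sizeof(input) || input.vlek_wrapped_version != 0`); a distinct code such as -ENODEV would tell userspace that the platform state, not the request, is the problem.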
>
> Should this be moved up to avoid the copy_from_user()?

Yep, I can do that.

> And should something other than -EINVAL be used, maybe -ENODEV, to help
> distinguish the error a bit?

As you noted in patch 4, this is an ABI break as well. We could
return 0 here and make it not an ABI break. Given that any use of
this is almost certainly a bug, though, I think -ENODEV is good, I'll
change it to that.

Tycho