Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command

From: Brijesh Singh
Date: Mon Sep 10 2018 - 15:07:06 EST


Hi Boris,


On 09/04/2018 03:11 AM, Borislav Petkov wrote:
...

+
+static int psp_probe_timeout = 5;
+module_param(psp_probe_timeout, int, 0644);
+MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");

Just a question: what prevents the user from supplying non-sensical
values here?

I think we should clamp them to only allowed values because I don't want
to be debugging some strange bugs due to that.


Nothing prevent user from supplying a bogus number. The main question
is, clamp with what number ?

IMO, if user is overriding the default timeout number then its possible
that user is dealing with a buggy firmware which does not work with
default timeout and silently clamping the value will not help them.


- Brijesh