Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event

From: Dionna Amalie Glaze
Date: Mon Oct 16 2023 - 19:18:35 EST

Next message: patchwork-bot+netdevbpf: "Re: [PATCH] net: phy: smsc: replace deprecated strncpy with ethtool_sprintf"
Previous message: Linus Torvalds: "Re: [PATCH v2 -tip] x86/percpu: Use C for arch_raw_cpu_ptr()"
In reply to: Michael Roth: "[PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event"
Next in thread: Sean Christopherson: "Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> +
> + /*
> + * If a VMM-specific certificate blob hasn't been provided, grab the
> + * host-wide one.
> + */
> + snp_certs = sev_snp_certs_get(sev->snp_certs);
> + if (!snp_certs)
> + snp_certs = sev_snp_global_certs_get();
> +

This is where the generation I suggested adding would get checked. If
the instance certs' generation is not the global generation, then I
think we need a way to return to the VMM to make that right before
continuing to provide outdated certificates.
This might be an unreasonable request, but the fact that the certs and
reported_tcb can be set while a VM is running makes this an issue.

--
-Dionna Glaze, PhD (she/her)

Next message: patchwork-bot+netdevbpf: "Re: [PATCH] net: phy: smsc: replace deprecated strncpy with ethtool_sprintf"
Previous message: Linus Torvalds: "Re: [PATCH v2 -tip] x86/percpu: Use C for arch_raw_cpu_ptr()"
In reply to: Michael Roth: "[PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event"
Next in thread: Sean Christopherson: "Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]