Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1019401rwb; Wed, 16 Nov 2022 10:46:07 -0800 (PST) X-Google-Smtp-Source: AA0mqf542nJ/rlmpUI1+F9FF/Df//XPNezLqXSgznR1/bOmzQD4b3sKeVoPLfimyOQrjhSoUBJPS X-Received: by 2002:a17:906:3fd1:b0:7a6:a48b:5e2a with SMTP id k17-20020a1709063fd100b007a6a48b5e2amr18504312ejj.338.1668624367188; Wed, 16 Nov 2022 10:46:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668624367; cv=none; d=google.com; s=arc-20160816; b=iXcp/0M6LKYF31VcTY4cq+0g3b5dseHNM4I+EJ0Qq01rq4l9jEV8kztuXunb7EKkra Gil/JvdVwBA93WzkDsefoXVemlXz95X+EfPzW523bLonVi3/ri32IOTW0HlOlMI75aw1 WOla519PHI9gd2oI7i+vdwHNJoG5hreIN9W90qsVal/z/uycmCbrJVQn7cIHfrTuDtGe wtHOFl1jUwn1ZvA5reSfOTiLR9gv9r/Ygp6Jg24UlHgUOwXoKuOKZPF55nLQEH/xqOHJ DGdfuspl3XSXbWqWsGu6uYsQYV02NrsnWMWLR3603xJnMG7Yqh2jAZ2+t76o+384cqeg wW8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature; bh=2+mwqcnu3Dk15IooPi8KuMWj/BV5uluYencW/62PbfE=; b=JITgmC77rJQhCWUuaQNz0Bha6YW8SrM+Nkb0iew2wOB6SaMCmLPlDjG10hiSGEyqNo PZRSlTD1hOkHx2sLiZmnQ2WzvFdPKWLOhNq1Y5U+Di97w4e7loi9YakjUPnNjInbxW0v 3NLeGgGN+DplMNull5b1mRBD19w4dM/9HqHSZf8jWRkmT5Yb4dCojA9VsBpxLsyIu/JC w2OtxN4n5QFJCEJsGpE9v76Rq87KrZOQc0PY+S+b2Ugb0iu7NvX1fgvfZrz8FErQAFaq 0BjhNk7HKY3/tv61Y9k9N31nYq7OfpLOAvGq908VPSgdND7IHI2CV61747BZ1an/jIJK Yp+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f9vZE3Aa; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dd17-20020a1709069b9100b007826cb6f57csi15187894ejc.407.2022.11.16.10.45.45; Wed, 16 Nov 2022 10:46:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f9vZE3Aa; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234155AbiKPR2r (ORCPT + 90 others); Wed, 16 Nov 2022 12:28:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233204AbiKPR2p (ORCPT ); Wed, 16 Nov 2022 12:28:45 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7589832BA3; Wed, 16 Nov 2022 09:28:43 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 144AB229FE; Wed, 16 Nov 2022 17:28:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1668619722; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2+mwqcnu3Dk15IooPi8KuMWj/BV5uluYencW/62PbfE=; b=f9vZE3Aavb0yG3AG2jx/CdaOBJGlA5BkMJQI3Vx+g4+9MXsM8CQkW2IXN7tf4Vugy1nnpS khfILFr5Eqzyu6qFl7A5v+RWxqK5zF0W5eYqj9CVZO02osMTAd3HG57nfN3ezmRDo5p7bc cQMrbpl6a6/opvCCtNvTevEFgN5b8WA= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1668619722; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2+mwqcnu3Dk15IooPi8KuMWj/BV5uluYencW/62PbfE=; b=V7Mwz9U6WCW7KPIyl9RC6FbITz17YGp8j2IALJP7B6BnXf9XyzU4Bpc3WzImCYYcYVhGRq W1RFKktR1M/OGsDQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 02AA613480; Wed, 16 Nov 2022 17:28:42 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id v2ecAModdWOzJAAAMHmgww (envelope-from ); Wed, 16 Nov 2022 17:28:42 +0000 Date: Wed, 16 Nov 2022 18:28:38 +0100 From: Borislav Petkov To: Peter Gonda Cc: Tom Lendacky , Dionna Glaze , Michael Roth , Haowen Bai , Yang Yingliang , Marc Orr , David Rientjes , Ashish Kalra , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Subject: Re: [PATCH V4] virt: sev: Prevent IV reuse in SNP guest driver Message-ID: References: <20221103152318.88354-1-pgonda@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 16, 2022 at 10:10:58AM -0700, Peter Gonda wrote: > I think another comment above the first snp_issue_guest_request() > could help too. Saying once we call this function we either need to > increment the sequence number or wipe the VMPCK to ensure the > encryption scheme is safe. And make that explicit pls: /* * If the extended guest request fails due to having to small of a * certificate data buffer retry the same guest request without the * extended data request... ... in order to not have to reuse the IV. I have to admit, the flow in that function is still not optimal but I haven't stared at it long enough to have a better idea... Thx. -- Regards/Gruss, Boris. SUSE Software Solutions Germany GmbH GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman (HRB 36809, AG Nürnberg)