Re: [PATCH RFC v7 62/64] x86/sev: Add KVM commands for instance certs

From: Dionna Amalie Glaze
Date: Thu Jan 19 2023 - 20:40:30 EST


On Thu, Jan 19, 2023 at 2:18 PM Kalra, Ashish <ashish.kalra@xxxxxxx> wrote:
>
> Hello Dionna,
>
> Do you also have other updates to this patch with regard to review
> comments from Dov?
>

Apart from the PAGE_ALIGN change, the result of the whole discussion
appears to only need the following immediately before the
copy_from_user of certs_uaddr in the snp_set_instance_certs function:

/* The size could shrink and leave garbage at the end. */
memset(sev->snp_certs_data, 0, SEV_FW_BLOB_MAX_SIZE);

I don't believe there is an off-by-one with the page shifting for the
number of pages because snp_certs_len is already rounded up to the
nearest page size. Any other change wrt the way the blob size is
decided between the guest and host should come later.

--
-Dionna Glaze, PhD (she/her)
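
Added example (not part of the original mail or the patch): a userspace C model of the stale-tail problem the memset addresses when a smaller certificate blob replaces a larger one, plus the page-count computation on a page-rounded length. All names and sizes here (set_certs, npages_for, shrink_scenario, PG_SIZE, BLOB_MAX) are assumptions for illustration, and memcpy stands in for copy_from_user.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model; sizes are assumptions standing in for kernel constants. */
#define PG_SIZE     4096u
#define PG_SHIFT    12
#define BLOB_MAX    (4 * PG_SIZE)   /* stands in for SEV_FW_BLOB_MAX_SIZE */
#define PG_ALIGN(x) (((x) + PG_SIZE - 1) & ~(size_t)(PG_SIZE - 1))

struct certs_model {
    unsigned char data[BLOB_MAX];   /* models sev->snp_certs_data */
    size_t len;                     /* models snp_certs_len, page-rounded */
};

/* Store a blob of n bytes; returns 0 on success, -1 if it does not fit. */
int set_certs(struct certs_model *m, const void *src, size_t n, int zero_first)
{
    if (n > BLOB_MAX)
        return -1;
    if (zero_first)
        memset(m->data, 0, BLOB_MAX);   /* the change described in the mail */
    memcpy(m->data, src, n);            /* stands in for copy_from_user */
    m->len = PG_ALIGN(n);
    return 0;
}

/* Pages exposed for an n-byte blob: exact, because the length is page-rounded. */
size_t npages_for(size_t n) { return PG_ALIGN(n) >> PG_SHIFT; }

/* Constructed scenario: a 6000-byte blob is replaced by a 100-byte one.
 * Returns the nonzero bytes left after the new blob in the exposed pages. */
size_t shrink_scenario(int zero_first)
{
    static struct certs_model m;
    static unsigned char big[6000], small[100];
    size_t stale = 0;
    memset(&m, 0, sizeof m);
    memset(big, 0xAA, sizeof big);
    memset(small, 0x55, sizeof small);
    set_certs(&m, big, sizeof big, zero_first);
    set_certs(&m, small, sizeof small, zero_first);
    for (size_t i = sizeof small; i < m.len; i++)
        stale += (m.data[i] != 0);
    return stale;
}

int main(void)
{
    printf("stale without memset: %zu, with memset: %zu\n",
           shrink_scenario(0), shrink_scenario(1));
    return 0;
}
```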