Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On Thu, Oct 12, 2017 at 11:13:44PM -0500, Brijesh Singh wrote: > As per the spec, its perfectly legal to pass input.address = 0x0 and > input.length = 0x0. If userspace wants to query CSR length then it will > fill all the fields with. In response, FW will return error > (LENGTH_TO_SMALL) and

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On Thu, Oct 12, 2017 at 09:24:01PM -0500, Brijesh Singh wrote: > I assume you mean performing the SEV state check before allocating the > memory for the CSR blob, right ? I mean, do those first: if (copy_from_user(, (void __user *)argp->data, sizeof(input))) return

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On 10/12/17 9:24 PM, Brijesh Singh wrote: > > On 10/12/17 2:53 PM, Borislav Petkov wrote: > ... > >> Ok, a couple of things here: >> >> * Move the checks first and the allocations second so that you allocate >> memory only after all checks have been passed and you don't allocate >> pointlessly.

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On 10/12/17 2:53 PM, Borislav Petkov wrote: ... > Ok, a couple of things here: > > * Move the checks first and the allocations second so that you allocate > memory only after all checks have been passed and you don't allocate > pointlessly. I assume you mean performing the SEV state check

Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

On Fri, Oct 06, 2017 at 08:06:05PM -0500, Brijesh Singh wrote: > The SEV_PEK_CSR command can be used to generate a PEK certificate > signing request. The command is defined in SEV spec section 5.7. > > Cc: Paolo Bonzini > Cc: "Radim Krčmář" > Cc: