Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command

From: Borislav Petkov
Date: Tue Sep 11 2018 - 09:53:31 EST

Next message: Borislav Petkov: "Re: [PATCH v6 5/5] x86/kvm: Avoid dynamic allocation of pvclock data when SEV is active"
Previous message: Waiman Long: "Re: Plumbers 2018 - Performance and Scalability Microconference"
In reply to: Brijesh Singh: "Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command"
Next in thread: Brijesh Singh: "Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 10, 2018 at 02:06:57PM -0500, Brijesh Singh wrote:
> Nothing prevent user from supplying a bogus number. The main question
> is, clamp with what number ?

So you definitely want to forbid too large timeouts - that wouldn't make
any sense anyway. And too small either, because a too small timeout
would make a potentially functioning fw broken.

> IMO, if user is overriding the default timeout number then its possible
> that user is dealing with a buggy firmware which does not work with
> default timeout and silently clamping the value will not help them.

No one said "silently" - you simply say:

"Correcting PSP "Correcting PSP probe timeout to X seconds."

when loading the driver so that the user is aware that the value she
entered might not be an optimal one.

--
Regards/Gruss,
Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Next message: Borislav Petkov: "Re: [PATCH v6 5/5] x86/kvm: Avoid dynamic allocation of pvclock data when SEV is active"
Previous message: Waiman Long: "Re: Plumbers 2018 - Performance and Scalability Microconference"
In reply to: Brijesh Singh: "Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command"
Next in thread: Brijesh Singh: "Re: [PATCH crypto-2.6] crypto: ccp: add timeout support in the SEV command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]