| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7b3c264c-03bb-4dc5-b5c6-24fb0bd179cf@amd.com> Date: Fri, 5 Dec 2025 08:28:41 -0600 From: Tom Lendacky <thomas.lendacky@....com> To: Thomas Courrege <thomas.courrege@...es.tech>, pbonzini@...hat.com, seanjc@...gle.com, corbet@....net, ashish.kalra@....com, john.allen@....com, herbert@...dor.apana.org.au, nikunj@....com Cc: x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org Subject: Re: [PATCH v2] KVM: SEV: Add KVM_SEV_SNP_HV_REPORT_REQ command On 12/4/25 07:21, Thomas Courrege wrote: > On 12/2/25 8:29 PM, Tom Lendacky wrote: > >>> + >>> +e_free_rsp: >>> + /* contains sensitive data */ >>> + memzero_explicit(report_rsp, PAGE_SIZE); >> Does it? What is sensitive that needs to be cleared? > > Combine with others reports, it could allow to do an inventory of the guests, > which ones share the same author, measurement, policy... > It is not needed, but generating a report is not a common operation so > performance is not an issue here. What do you think is the best to do ? Can't userspace do that just by generating/requesting reports? If there are no keys, IVs, secrets, etc. in the memory, I don't see what the memzero_explicit() is accomplishing. Maybe I'm missing something here and others may have different advice. Thanks, Tom > > Regards, > Thomas
Powered by blists - more mailing lists