On Wed, 2025-05-07 at 21:18 +0530, Srish Srinivasan wrote:

quoted

We expect SB_VERSION to always be world-readable, I think? In which
case it shouldn't return H_AUTHORITY / -EPERM, ever, and if it does
that's an error which should be handled as an error. Or am I
misinterpreting the spec here?

Yes, SB_VERSION is world-readable and should not return H_AUTHORITY
in 
the case of dynamic key management mode. However, in
the case of static key management mode, when SB_VERSION does not
exist, 
the hypervisor tries to authenticate the consumer. If the
authentication is successful, H_NOT_FOUND is returned, else
H_AUTHORITY 
is returned. The intention behind authenticating the
consumer when the object is not found is to ensure that a 
non-authenticated consumer is unable to conclude on the absence of
the object. Here, when the kernel tries to read the non-existent 
SB_VERSION, it fails the authentication check and therefore,
gets the H_AUTHORITY error code.

Ah, I see my confusion: if the object *doesn't exist*, then it
obviously can't be a world-readable object, thus triggering the
password verification. In which case, we do need to catch -EPERM.

Thanks for correcting me!

-- 
Andrew Donnellan    OzLabs, ADL Canberra
ajd@linux.ibm.com   IBM Australia Limited