From: Sean Christopherson <seanjc@google.com>
To: Michael Roth <michael.roth@amd.com>
Cc: Alexey Kardashevskiy <aik@amd.com>,
Dionna Amalie Glaze <dionnaglaze@google.com>,
kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-mm@kvack.org, linux-crypto@vger.kernel.org,
x86@kernel.org, linux-kernel@vger.kernel.org,
tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de,
thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org,
pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com,
pgonda@google.com, peterz@infradead.org,
srinivas.pandruvada@linux.intel.com, rientjes@google.com,
dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de,
vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com,
tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com,
alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com,
nikunj.dadhania@amd.com, pankaj.gupta@amd.com,
liam.merwick@oracle.com, zhi.a.wang@intel.com,
Brijesh Singh <brijesh.singh@amd.com>
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
Date: Fri, 10 Nov 2023 14:47:54 -0800 [thread overview]
Message-ID: <ZU6zGgvfhga0Oiob@google.com> (raw)
In-Reply-To: <20231110220756.7hhiy36jc6jiu7nm@amd.com>
On Fri, Nov 10, 2023, Michael Roth wrote:
> On Wed, Oct 18, 2023 at 06:48:59AM -0700, Sean Christopherson wrote:
> > On Wed, Oct 18, 2023, Alexey Kardashevskiy wrote:
> > Anyways, back to punting to userspace. Here's a rough sketch. The only new uAPI
> > is the definition of KVM_HC_SNP_GET_CERTS and its arguments.
>
> This sketch seems like a good, flexible way to handle per-VM certs, but
> it does complicate things from a userspace perspective. As a basic
> requirement, all userspaces will need to provide a way to specify the
> initial blob (either a very verbose base64-encoded userspace cmdline param,
> or a filepatch that needs additional management to store and handle
> permissions/etc.), and also a means to update it (e.g. a HMP/QMP command
> for QEMU, some libvirt wrappers, etc.).
>
> That's all well and good if you want to make use of per-VM certs, but we
> don't necessarily expect that most deployments will necessarily want to deal
> with per-VM certs, and would be happy with a system-wide one where they could
> simply issue the /dev/sev ioctl to inject one automatically for all guests.
>
> So we're sort of complicating the more common case to support a more niche
> one (as far as userspace is concerned anyway; as far as kernel goes, your
> approach is certainly simplest :)).
>
> Instead, maybe a compromise is warranted so the requirements on userspace
> side are less complicated for a more basic deployment:
>
> 1) If /dev/sev is used to set a global certificate, then that will be
> used unconditionally by KVM, protected by simple dumb mutex during
> usage/update.
> 2) If /dev/sev is not used to set the global certificate is the value
> is NULL, we assume userspace wants full responsibility for managing
> certificates and exit to userspace to request the certs in the manner
> you suggested.
>
> Sean, Dionna, would this cover your concerns and address the certificate
> update use-case?
Honestly, no. I see zero reason for the kernel to be involved. IIUC, there's no
privileged operations that require kernel intervention, which means that shoving
a global cert into /dev/sev is using the CCP driver as middleman. Just use a
userspace daemon. I have a very hard time believing that passing around large-ish
blobs of data in userspace isn't already a solved problem.
next prev parent reply other threads:[~2023-11-10 22:47 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 13:27 [PATCH v10 00/50] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support Michael Roth
2023-10-16 13:27 ` [PATCH v10 01/50] KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway Michael Roth
2023-10-16 15:12 ` Greg KH
2023-10-16 15:14 ` Paolo Bonzini
2023-10-16 15:21 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 02/50] KVM: SVM: Fix TSC_AUX virtualization setup Michael Roth
2023-10-16 13:27 ` [PATCH v10 03/50] KVM: SEV: Do not intercept accesses to MSR_IA32_XSS for SEV-ES guests Michael Roth
2023-12-13 12:50 ` Paolo Bonzini
2023-12-13 17:30 ` Sean Christopherson
2023-12-13 17:40 ` Paolo Bonzini
2023-10-16 13:27 ` [PATCH v10 04/50] x86/cpufeatures: Add SEV-SNP CPU feature Michael Roth
2023-12-13 12:51 ` Paolo Bonzini
2023-12-13 13:13 ` Borislav Petkov
2023-12-13 13:31 ` Paolo Bonzini
2023-12-13 13:36 ` Borislav Petkov
2023-12-13 13:40 ` Paolo Bonzini
2023-12-13 13:49 ` Borislav Petkov
2023-12-13 14:18 ` Paolo Bonzini
2023-12-13 15:41 ` Borislav Petkov
2023-12-13 17:35 ` Paolo Bonzini
2023-12-13 18:53 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 05/50] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled Michael Roth
2023-10-25 17:33 ` Borislav Petkov
2023-10-27 21:50 ` Dave Hansen
2023-12-13 12:52 ` Paolo Bonzini
2023-10-16 13:27 ` [PATCH v10 06/50] x86/sev: Add the host SEV-SNP initialization support Michael Roth
2023-10-25 18:19 ` Tom Lendacky
2023-11-07 16:31 ` Borislav Petkov
2023-11-07 18:32 ` Tom Lendacky
2023-11-07 19:13 ` Borislav Petkov
2023-11-08 8:21 ` Jeremi Piotrowski
2023-11-08 15:19 ` Tom Lendacky
2023-11-07 19:00 ` Kalra, Ashish
2023-11-07 19:19 ` Borislav Petkov
2023-11-07 20:27 ` Borislav Petkov
2023-11-07 21:21 ` Kalra, Ashish
2023-11-07 21:27 ` Borislav Petkov
2023-11-07 22:08 ` Borislav Petkov
2023-11-07 22:33 ` Kalra, Ashish
2023-11-08 6:14 ` Borislav Petkov
2023-11-08 9:11 ` Jeremi Piotrowski
2023-11-08 19:53 ` Kalra, Ashish
2023-12-08 17:09 ` Jeremi Piotrowski
2023-12-08 23:21 ` Kalra, Ashish
2023-12-20 7:07 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 07/50] x86/sev: Add RMP entry lookup helpers Michael Roth
2023-11-14 14:24 ` Borislav Petkov
2023-12-19 3:31 ` Michael Roth
2024-01-09 22:07 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 08/50] x86/fault: Add helper for dumping RMP entries Michael Roth
2023-11-15 16:08 ` Borislav Petkov
2023-12-19 6:08 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 09/50] x86/traps: Define RMP violation #PF error code Michael Roth
2023-10-16 14:14 ` Dave Hansen
2023-10-16 14:55 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 10/50] x86/fault: Report RMP page faults for kernel addresses Michael Roth
2023-11-21 15:23 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 11/50] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction Michael Roth
2023-11-21 16:21 ` Borislav Petkov
2023-12-19 16:20 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 12/50] x86/sev: Invalidate pages from the direct map when adding them to the RMP table Michael Roth
2023-11-24 14:20 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 13/50] crypto: ccp: Define the SEV-SNP commands Michael Roth
2023-11-24 14:36 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 14/50] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP Michael Roth
2023-11-27 9:59 ` Borislav Petkov
2023-11-30 2:13 ` Kalra, Ashish
2023-12-06 17:08 ` Borislav Petkov
2023-12-06 20:35 ` Kalra, Ashish
2023-12-09 16:20 ` Borislav Petkov
2023-12-11 21:11 ` Kalra, Ashish
2023-12-12 6:52 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 15/50] crypto: ccp: Provide API to issue SEV and SNP commands Michael Roth
2023-12-06 20:21 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 16/50] x86/sev: Introduce snp leaked pages list Michael Roth
2023-12-06 20:42 ` Borislav Petkov
2023-12-08 20:54 ` Kalra, Ashish
2023-12-07 16:20 ` Vlastimil Babka
2023-12-08 22:10 ` Kalra, Ashish
2023-12-11 13:08 ` Vlastimil Babka
2023-12-12 23:26 ` Kalra, Ashish
2023-10-16 13:27 ` [PATCH v10 17/50] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled Michael Roth
2023-12-08 13:05 ` Borislav Petkov
2023-12-19 23:46 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 18/50] crypto: ccp: Handle the legacy SEV command " Michael Roth
2023-12-09 15:36 ` Borislav Petkov
2023-12-29 21:38 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 19/50] crypto: ccp: Add the SNP_PLATFORM_STATUS command Michael Roth
2023-12-12 16:45 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 20/50] KVM: SEV: Select CONFIG_KVM_SW_PROTECTED_VM when CONFIG_KVM_AMD_SEV=y Michael Roth
2023-12-13 12:54 ` Paolo Bonzini
2023-12-29 21:41 ` Michael Roth
2023-12-18 10:13 ` Borislav Petkov
2023-12-29 21:40 ` Michael Roth
2023-10-16 13:27 ` [PATCH v10 21/50] KVM: SEV: Add support to handle AP reset MSR protocol Michael Roth
2023-12-12 17:02 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 22/50] KVM: SEV: Add GHCB handling for Hypervisor Feature Support requests Michael Roth
2023-12-18 10:23 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 23/50] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe Michael Roth
2023-12-11 13:24 ` Vlastimil Babka
2023-12-12 0:00 ` Kalra, Ashish
2023-12-13 13:31 ` Paolo Bonzini
2023-12-13 18:45 ` Paolo Bonzini
2023-12-18 14:57 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 24/50] KVM: SEV: Add initial SEV-SNP support Michael Roth
2023-12-18 17:43 ` Borislav Petkov
2023-10-16 13:27 ` [PATCH v10 25/50] KVM: SEV: Add KVM_SNP_INIT command Michael Roth
2023-10-16 13:27 ` [PATCH v10 26/50] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command Michael Roth
2023-10-16 13:27 ` [PATCH v10 27/50] KVM: Add HVA range operator Michael Roth
2023-10-16 13:27 ` [PATCH v10 28/50] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command Michael Roth
2023-10-16 13:27 ` [PATCH v10 29/50] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command Michael Roth
2023-10-16 13:27 ` [PATCH v10 30/50] KVM: SEV: Add support to handle GHCB GPA register VMGEXIT Michael Roth
2023-10-16 13:28 ` [PATCH v10 31/50] KVM: SEV: Add KVM_EXIT_VMGEXIT Michael Roth
2023-10-16 13:28 ` [PATCH v10 32/50] KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT Michael Roth
2023-10-16 13:28 ` [PATCH v10 33/50] KVM: SEV: Add support to handle " Michael Roth
2023-10-16 13:28 ` [PATCH v10 34/50] KVM: x86: Export the kvm_zap_gfn_range() for the SNP use Michael Roth
2023-10-16 13:28 ` [PATCH v10 35/50] KVM: SEV: Add support to handle RMP nested page faults Michael Roth
2023-10-16 13:28 ` [PATCH v10 36/50] KVM: SEV: Use a VMSA physical address variable for populating VMCB Michael Roth
2023-10-16 13:28 ` [PATCH v10 37/50] KVM: SEV: Support SEV-SNP AP Creation NAE event Michael Roth
2023-10-16 13:28 ` [PATCH v10 38/50] KVM: SEV: Add support for GHCB-based termination requests Michael Roth
2023-10-19 12:20 ` Liam Merwick
2023-10-16 13:28 ` [PATCH v10 39/50] KVM: SEV: Implement gmem hook for initializing private pages Michael Roth
2023-10-16 13:28 ` [PATCH v10 40/50] KVM: SEV: Implement gmem hook for invalidating " Michael Roth
2023-10-16 13:28 ` [PATCH v10 41/50] KVM: x86: Add gmem hook for determining max NPT mapping level Michael Roth
2023-10-16 13:28 ` [PATCH v10 42/50] KVM: SEV: Avoid WBINVD for HVA-based MMU notifications for SNP Michael Roth
2023-10-16 13:28 ` [PATCH v10 43/50] KVM: SVM: Add module parameter to enable the SEV-SNP Michael Roth
2023-10-16 13:28 ` [PATCH v10 44/50] iommu/amd: Add IOMMU_SNP_SHUTDOWN support Michael Roth
2023-10-16 13:28 ` [PATCH v10 45/50] iommu/amd: Report all cases inhibiting SNP enablement Michael Roth
2023-10-16 13:28 ` [PATCH v10 46/50] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command Michael Roth
2023-10-16 23:11 ` Dionna Amalie Glaze
2023-10-16 13:28 ` [PATCH v10 47/50] x86/sev: Add KVM commands for per-instance certs Michael Roth
2023-10-16 13:28 ` [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event Michael Roth
2023-10-16 23:18 ` Dionna Amalie Glaze
2023-10-17 16:27 ` Sean Christopherson
2023-10-18 2:28 ` Alexey Kardashevskiy
2023-10-18 13:48 ` Sean Christopherson
2023-10-18 20:27 ` Kalra, Ashish
2023-10-18 20:38 ` Sean Christopherson
2023-10-18 21:27 ` Kalra, Ashish
2023-10-18 21:43 ` Sean Christopherson
2023-10-19 2:48 ` Alexey Kardashevskiy
2023-10-19 14:57 ` Sean Christopherson
2023-10-19 23:55 ` Alexey Kardashevskiy
2023-10-20 0:13 ` Sean Christopherson
2023-10-20 0:43 ` Alexey Kardashevskiy
2023-10-20 15:13 ` Sean Christopherson
2023-10-20 18:37 ` Tom Lendacky
2023-11-10 22:07 ` Michael Roth
2023-11-10 22:47 ` Sean Christopherson [this message]
2023-11-16 5:31 ` Dionna Amalie Glaze
2023-12-05 0:30 ` Dan Williams
2023-12-05 0:48 ` Dionna Amalie Glaze
2023-12-05 20:06 ` Dan Williams
2023-12-05 22:04 ` Dionna Amalie Glaze
2023-12-05 23:11 ` Dan Williams
2023-12-06 0:43 ` Dionna Amalie Glaze
2023-10-16 13:28 ` [PATCH v10 49/50] crypto: ccp: Add debug support for decrypting pages Michael Roth
2023-10-16 13:28 ` [PATCH v10 50/50] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZU6zGgvfhga0Oiob@google.com \
--to=seanjc@google.com \
--cc=aik@amd.com \
--cc=ak@linux.intel.com \
--cc=alpergun@google.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=dovmurik@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=jarkko@kernel.org \
--cc=jmattson@google.com \
--cc=jroedel@suse.de \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj.dadhania@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=slp@redhat.com \
--cc=srinivas.pandruvada@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tobin@ibm.com \
--cc=tony.luck@intel.com \
--cc=vbabka@suse.cz \
--cc=vkuznets@redhat.com \
--cc=x86@kernel.org \
--cc=zhi.a.wang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.