From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 74553C77B7C for ; Wed, 2 Jul 2025 14:48:59 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.1031304.1405110 (Exim 4.92) (envelope-from ) id 1uWylW-0003dC-Al; Wed, 02 Jul 2025 14:48:50 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 1031304.1405110; Wed, 02 Jul 2025 14:48:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uWylW-0003d5-7u; Wed, 02 Jul 2025 14:48:50 +0000 Received: by outflank-mailman (input) for mailman id 1031304; Wed, 02 Jul 2025 14:48:49 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1uWylV-0003cz-3b for xen-devel@lists.xenproject.org; Wed, 02 Jul 2025 14:48:49 +0000 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [2a00:1450:4864:20::429]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id a88abf5f-5753-11f0-b894-0df219b8e170; Wed, 02 Jul 2025 16:48:47 +0200 (CEST) Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-3a54690d369so4304540f8f.3 for ; Wed, 02 Jul 2025 07:48:47 -0700 (PDT) Received: from [10.156.60.236] (ip-037-024-206-209.um08.pools.vodafone-ip.de. [37.24.206.209]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af57ef308sm13997115b3a.157.2025.07.02.07.48.42 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 02 Jul 2025 07:48:46 -0700 (PDT) X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: a88abf5f-5753-11f0-b894-0df219b8e170 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1751467726; x=1752072526; darn=lists.xenproject.org; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=QQB/OHREVzvtpJFICtpfsNwoYlc6kMw6amjExJgLHVM=; b=JUrC0iLARo7zpT48xy1rGdwoTGyopc1UlctquO/jsCVJRYHTMAoWHsnTsnDIpNe+r+ EJq2vqocEcL/g5nJ9Zqj+YVG009vYIT/rVOs+oq3WfUKISFGy98HeC6CH6MmPUN44eGi vnMYNQy8/Wz1DAjFCq7PG96btG37ZeVeIswIM7fZW2tiiA7ZqO+YBEwvflq3QGIzNKjw 1PvZWuFmjXbvMoav+Kl7RjkZOH43qOvQFvkmMF9pbLnV1DAAO9JSJiMbpEvlvKkdZRSc j6Vv/LbceXwZkX6CG4UY2+/a+QfAiAONBgWJCve3zB1jcWkWrivFUHqS+wI2ltv1ToFW SHvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751467726; x=1752072526; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=QQB/OHREVzvtpJFICtpfsNwoYlc6kMw6amjExJgLHVM=; b=hZhVn5HuYiiLoY1DmAtXDyX2Molm4fbktuGefigxL/CqpY8AUp8AKXGQLLi9aKkpW0 o36k7IxjwjLDbYOTdgc5O9m5jIH2/E0s166ptCvEoyW9Dgi6vy+YVo7E6h8jgXuS+ooP X+hNkhXvYsJTDjP7OsVUbA2qrQuVf22DT8d4ZG+VU64s8Lg8Y+wLD4tYTiimUobjM5/Y 8sRC/1CcT/MPNarojvncqoIxVML3AMSEB2fQYfuoX331b0x5yNkVJ5m4q5wi3PadMI2D /Ef6cfef47zqtA1PHQp9umrvkshaR47tBoYEzm0c1dW5CUGnnX1tkJoIr8idIKggiSA8 0Xjw== X-Forwarded-Encrypted: i=1; AJvYcCX3G4de313k3t4gTwza4mAXcC5Hf6o/8DhqxIEl8/ckTMsUsMurPMrbmcwg9COIpE71vzAOxwJRDcY=@lists.xenproject.org X-Gm-Message-State: AOJu0Yygtk6/kCbbjc7Yx1QHrSA/zbmuNuVNeDSFACWTfX2ua6289V+l qyJYOqiK0qiYxgV9/NIN6xbpKo+Ik/MuLKJqzrbMTmQr781QwkH+SgHxXFZQidpENg== X-Gm-Gg: ASbGnct2E73KCbnpow2TlxfpVbx1eNwg/CIka3ZsYXGK2kF9y03epz3S6ebaWG4Dezb mXgdE6w78DWCvkO1lEYWe+GJ2ha9262a+95x+fo+Uo4/DuJmH20SjYc3uKqewAtVH2fpHZbdq6j 4UIOGdFKdDyf3p6wKp2e49yG40C+ZhOJ5v5M5v0/6/WU0bMmB7vNl+BVQwNXkccJF6dUPM6lsHs lcrJg0qx8i7RN4FHIjUfsaf0D32u3KTXRmwMiD2YkDxThnTh03bJfHheEe+E+kmkbBdhtR9IiXa gs1OEjQJUPM40czEfMd+kFhj89X6APuSwasG1EAGxCMHXlRLMDjYXKl8DTjaVf7u2BsPD4v5QrH +v9UgrQuD4kGskCNGLGnpTBdJqd2tavCZV+f1dscGwRoTJQs= X-Google-Smtp-Source: AGHT+IHLajMJWPbBmRDEGIrvVvzctFQkGuezxYrrQxti29yZGa4qRHpjAswV4C/3JueLDSenzs0Waw== X-Received: by 2002:a05:6000:41dc:b0:3a8:6262:6ef5 with SMTP id ffacd0b85a97d-3b1fdc20d30mr2598691f8f.10.1751467726491; Wed, 02 Jul 2025 07:48:46 -0700 (PDT) Message-ID: Date: Wed, 2 Jul 2025 16:48:38 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 17/22] x86/acpi: disallow S3 on Secure Launch boot To: Sergii Dmytruk Cc: Andrew Cooper , =?UTF-8?Q?Roger_Pau_Monn=C3=A9?= , trenchboot-devel@googlegroups.com, xen-devel@lists.xenproject.org References: Content-Language: en-US From: Jan Beulich Autocrypt: addr=jbeulich@suse.com; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 30.05.2025 15:17, Sergii Dmytruk wrote: > @@ -356,6 +357,13 @@ int acpi_enter_sleep(const struct xenpf_enter_acpi_sleep *sleep) > PAGE_SIZE - acpi_sinfo.vector_width / 8)) ) > return -EOPNOTSUPP; > > + /* Secure Launch won't initiate DRTM on S3 resume, so abort S3 suspend. */ > + if ( sleep->sleep_state == ACPI_STATE_S3 && slaunch_active ) > + { > + printk(XENLOG_INFO "SLAUNCH: refusing switching into ACPI S3 state.\n"); > + return -EPERM; Not sure about the error code here: Generally we prefer to limit EPERM to what XSM has to say. Could I talk you into using e.g. EACCES instead? Jan