diff for duplicates of <20240329225835.400662-29-michael.roth@amd.com> diff --git a/a/1.txt b/N1/1.txt index 7d486c4..c2cb974 100644 --- a/a/1.txt +++ b/N1/1.txt 
@@ -264,3 +264,446 @@ index 2289b7c76c59..7b35b2814a99 100644 * -- 2.25.1 + + +X-sender: <linux-crypto+bounces-3107-steffen.klassert=secunet.com@vger.kernel.org> +X-Receiver: <steffen.klassert@secunet.com> ORCPT=rfc822;steffen.klassert@secunet.com +X-CreatedBy: MSExchange15 +X-HeloDomain: mbx-essen-01.secunet.de +X-ExtendedProps: BQBjAAoAFEqmlidQ3AgFADcAAgAADwA8AAAATWljcm9zb2Z0LkV4Y2hhbmdlLlRyYW5zcG9ydC5NYWlsUmVjaXBpZW50Lk9yZ2FuaXphdGlvblNjb3BlEQAAAAAAAAAAAAAAAAAAAAAADwA/AAAATWljcm9zb2Z0LkV4Y2hhbmdlLlRyYW5zcG9ydC5EaXJlY3RvcnlEYXRhLk1haWxEZWxpdmVyeVByaW9yaXR5DwADAAAATG93 +X-Source: SMTP:Default MBX-ESSEN-02 +X-SourceIPAddress: 10.53.40.197 +X-EndOfInjectedXHeaders: 23022 +Received: from mbx-essen-01.secunet.de (10.53.40.197) by + mbx-essen-02.secunet.de (10.53.40.198) with Microsoft SMTP Server + (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id + 15.1.2507.37; Sat, 30 Mar 2024 00:06:58 +0100 +Received: from b.mx.secunet.com (62.96.220.37) by cas-essen-02.secunet.de + (10.53.40.202) with Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend + Transport; Sat, 30 Mar 2024 00:06:58 +0100 +Received: from localhost (localhost [127.0.0.1]) + by b.mx.secunet.com (Postfix) with ESMTP id A3A792032C + for <steffen.klassert@secunet.com>; Sat, 30 Mar 2024 00:06:58 +0100 (CET) +X-Virus-Scanned: by secunet +X-Spam-Flag: NO +X-Spam-Score: -5.15 +X-Spam-Level: +X-Spam-Status: No, score=-5.15 tagged_above=-999 required=2.1 + tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.099, DKIM_SIGNED=0.1, + DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, + HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, + RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] + autolearn=ham autolearn_force=no +Authentication-Results: a.mx.secunet.com (amavisd-new); + dkim=pass (1024-bit key) header.d=amd.com +Received: from b.mx.secunet.com ([127.0.0.1]) + by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) + with 
ESMTP id cvq5nLGcq4z1 for <steffen.klassert@secunet.com>; + Sat, 30 Mar 2024 00:06:55 +0100 (CET) +Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=147.75.199.223; helo=ny.mirrors.kernel.org; envelope-from=linux-crypto+bounces-3107-steffen.klassert=secunet.com@vger.kernel.org; receiver=steffen.klassert@secunet.com +DKIM-Filter: OpenDKIM Filter v2.11.0 b.mx.secunet.com 2CCE2200BB +Authentication-Results: b.mx.secunet.com; + dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="EQB9OIea" +Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org [147.75.199.223]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by b.mx.secunet.com (Postfix) with ESMTPS id 2CCE2200BB + for <steffen.klassert@secunet.com>; Sat, 30 Mar 2024 00:06:55 +0100 (CET) +Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by ny.mirrors.kernel.org (Postfix) with ESMTPS id 3BDFE1C216D9 + for <steffen.klassert@secunet.com>; Fri, 29 Mar 2024 23:06:54 +0000 (UTC) +Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) + by smtp.subspace.kernel.org (Postfix) with ESMTP id 49FD913E05E; + Fri, 29 Mar 2024 23:06:27 +0000 (UTC) +Authentication-Results: smtp.subspace.kernel.org; + dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="EQB9OIea" +X-Original-To: linux-crypto@vger.kernel.org +Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2086.outbound.protection.outlook.com [40.107.95.86]) + (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) + by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1559F13E408; + Fri, 29 Mar 2024 23:06:24 +0000 (UTC) +Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.86 +ARC-Seal: 
i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; + t=1711753587; cv=fail; b=uVxzxBp9ua9ojUje7iOTm6ElFMdMHmdPYW0cUn6bjO7rF9rpTnSFzjBQNwx9spej1SZwD2d3ddUJSL7R2Behss3Yf5iVrst2nE0eE8Kf9rwbOVWN2G2Wo4zkjF8M1GkC3ISI2lp8VHqirYlYmhXAcrvJ0aWXLcJjioCaJ2gdSfo= +ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; + s=arc-20240116; t=1711753587; c=relaxed/simple; + bh=KalEbdqRGRxS5KjJYNiUkYknvhPkZuxd2fBb0cCgSeE=; + h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: + MIME-Version:Content-Type; b=BOktB9YS73vaB1FyI/btKNHhjK+iudqpuFu8zlcHRObZnEOUWR6aTCQIvgQSBjZ5ifi/zYzsQla9sGYZzlKbXFWcfl/2AMUZeZb7bjFZR/d+d1/oa1Sur7wYqaGcpelZf1ezG2GCIarZyD2juMhQo2HIkLuvXaJvQDhjINv0lNo= +ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=EQB9OIea; arc=fail smtp.client-ip=40.107.95.86 +Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com +Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com +ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; + b=CFHIOL2v24wJaO2yisaKcXeiUV+EUvOpK9IZEbVfDGmni78YdT0lMZvfpeYqipud8yhZ4gHslAMcdAQuRzk7xciD9c1598D8uZ49rcSjondc9yXX8RRPFMtdylgd6HqoBsseYuRzulAUZ37Zap4H6hxM73NbuAGbOPlloxcddZtPSqnauMXbFezr+3Ef+E4FyYSzxbLkuR8lcNsckXvl6B/FSK28NgDvprWlY8C8e9jc5TSQrufwnBwlVZnEXN40saecPKgxuvpcmxoS//9XPnw1OWEwqx0KLvA+oD1DiQhvgTJdmWJjEsN2gPhhKfBV0SxUD3Yml5RkRt2ef4lrrw== +ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; + s=arcselector9901; + h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; + bh=xP7eiDAex+6DfGwbSIMsn9LpYXQmn4Kn5QQfRgVRAv8=; + 
b=ZvZnMU/ezwI47YqFGuq1hiunzr+cbZzvidUZhx+bqCC51581eV856EBTaw2ucSXMHjUU1fVSs08ZRxWyVUFU+/wF/uRF3k0Iix6KbiwZoY0YL5B3dlrL7oOsRCnqkL9AGsjIswEnCUoJQRUfeFtAVIXwhn/edhT3VN+ysHS188w6CWhK5PohJGWVw08l9Xox6RHmIBsgEiWCkMUKnHVeK2jJ4PAXzapHJz+ZZO0o4AoeC3uqTbbl4u1prerJUGbjuHsknwLjMpCEyTpCOFWaDk8hmEZmyCwnK9HDF7HGK0rLEgAVApg+HWWMbhRvvlLZu2ADZx9vo2DqA6wr0mZLDw== +ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is + 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; + dmarc=pass (p=quarantine sp=quarantine pct=100) action=none + header.from=amd.com; dkim=none (message not signed); arc=none (0) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; + h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; + bh=xP7eiDAex+6DfGwbSIMsn9LpYXQmn4Kn5QQfRgVRAv8=; + b=EQB9OIeaxFjsOzOPKNd8cAEUq7aSSCsc1yGTlBbuIZbxYtxUCa2I+XTMLCPgKruQYscZzJF92fnmoACvtFHOjpstNXrXbQkb38Z1Kc0qn5MP4NGE+3/CUP4fiFbfGWpQnglJXfkKUuHWghjC56ZmuNe921Y5nuLVeUGWMqB3KLI= +Received: from DM6PR01CA0015.prod.exchangelabs.com (2603:10b6:5:296::20) by + DS7PR12MB8322.namprd12.prod.outlook.com (2603:10b6:8:ed::13) with Microsoft + SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id + 15.20.7409.32; Fri, 29 Mar 2024 23:06:21 +0000 +Received: from DS1PEPF00017092.namprd03.prod.outlook.com + (2603:10b6:5:296:cafe::60) by DM6PR01CA0015.outlook.office365.com + (2603:10b6:5:296::20) with Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40 via Frontend + Transport; Fri, 29 Mar 2024 23:06:21 +0000 +X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) + smtp.mailfrom=amd.com; dkim=none (message not signed) + header.d=none;dmarc=pass action=none header.from=amd.com; +Received-SPF: Pass (protection.outlook.com: domain of amd.com designates + 165.204.84.17 as permitted sender) receiver=protection.outlook.com; + client-ip=165.204.84.17; 
helo=SATLEXMB04.amd.com; pr=C +Received: from SATLEXMB04.amd.com (165.204.84.17) by + DS1PEPF00017092.mail.protection.outlook.com (10.167.17.135) with Microsoft + SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id + 15.20.7409.10 via Frontend Transport; Fri, 29 Mar 2024 23:06:21 +0000 +Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com + (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, + cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Fri, 29 Mar + 2024 18:06:20 -0500 +From: Michael Roth <michael.roth@amd.com> +To: <kvm@vger.kernel.org> +CC: <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>, + <linux-crypto@vger.kernel.org>, <x86@kernel.org>, + <linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>, + <jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>, + <ardb@kernel.org>, <pbonzini@redhat.com>, <seanjc@google.com>, + <vkuznets@redhat.com>, <jmattson@google.com>, <luto@kernel.org>, + <dave.hansen@linux.intel.com>, <slp@redhat.com>, <pgonda@google.com>, + <peterz@infradead.org>, <srinivas.pandruvada@linux.intel.com>, + <rientjes@google.com>, <dovmurik@linux.ibm.com>, <tobin@ibm.com>, + <bp@alien8.de>, <vbabka@suse.cz>, <kirill@shutemov.name>, + <ak@linux.intel.com>, <tony.luck@intel.com>, + <sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>, + <jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>, + <pankaj.gupta@amd.com>, <liam.merwick@oracle.com> +Subject: [PATCH v12 28/29] crypto: ccp: Add the SNP_{PAUSE,RESUME}_ATTESTATION commands +Date: Fri, 29 Mar 2024 17:58:34 -0500 +Message-ID: <20240329225835.400662-29-michael.roth@amd.com> +X-Mailer: git-send-email 2.25.1 +In-Reply-To: <20240329225835.400662-1-michael.roth@amd.com> +References: <20240329225835.400662-1-michael.roth@amd.com> +Precedence: bulk +X-Mailing-List: linux-crypto@vger.kernel.org +List-Id: <linux-crypto.vger.kernel.org> +List-Subscribe: 
<mailto:linux-crypto+subscribe@vger.kernel.org> +List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org> +MIME-Version: 1.0 +Content-Transfer-Encoding: 8bit +Content-Type: text/plain +X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com + (10.181.40.145) +X-EOPAttributedMessage: 0 +X-MS-PublicTrafficType: Email +X-MS-TrafficTypeDiagnostic: DS1PEPF00017092:EE_|DS7PR12MB8322:EE_ +X-MS-Office365-Filtering-Correlation-Id: cc6f20e1-32a1-4880-c374-08dc5044d987 +X-MS-Exchange-SenderADCheck: 1 +X-MS-Exchange-AntiSpam-Relay: 0 +X-Microsoft-Antispam: BCL:0; +X-Microsoft-Antispam-Message-Info: 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 +X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(36860700004)(1800799015)(82310400014)(376005)(7416005);DIR:OUT;SFP:1101; +X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Mar 2024 23:06:21.6538 + (UTC) +X-MS-Exchange-CrossTenant-Network-Message-Id: cc6f20e1-32a1-4880-c374-08dc5044d987 +X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d +X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] +X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF00017092.namprd03.prod.outlook.com +X-MS-Exchange-CrossTenant-AuthAs: Anonymous +X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem +X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB8322 +Return-Path: linux-crypto+bounces-3107-steffen.klassert=secunet.com@vger.kernel.org +X-MS-Exchange-Organization-OriginalArrivalTime: 29 Mar 2024 23:06:58.7028 + (UTC) +X-MS-Exchange-Organization-Network-Message-Id: 2ce8fc15-1b0f-476a-621b-08dc5044ef91 +X-MS-Exchange-Organization-OriginalClientIPAddress: 62.96.220.37 +X-MS-Exchange-Organization-OriginalServerIPAddress: 10.53.40.202 
+X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: cas-essen-02.secunet.de +X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=cas-essen-02.secunet.de:TOTAL-FE=0.007|SMR=0.007(SMRPI=0.004(SMRPI-FrontendProxyAgent=0.004));2024-03-29T23:06:58.709Z +X-MS-Exchange-Forest-ArrivalHubServer: mbx-essen-02.secunet.de +X-MS-Exchange-Organization-AuthSource: cas-essen-02.secunet.de +X-MS-Exchange-Organization-AuthAs: Anonymous +X-MS-Exchange-Organization-OriginalSize: 22477 +X-MS-Exchange-Organization-Transport-Properties: DeliveryPriority=Low +X-MS-Exchange-Organization-Prioritization: 2:ShadowRedundancy +X-MS-Exchange-Organization-IncludeInSla: False:ShadowRedundancy + +These commands can be used to pause servicing of guest attestation +requests. This useful when updating the reported TCB or signing key with +commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may +in turn require updates to userspace-supplied certificates, and if an +attestation request happens to be in-flight at the time those updates +are occurring there is potential for a guest to receive a certificate +blob that is out of sync with the effective signing key for the +attestation report. + +These interfaces also provide some versatility with how similar +firmware/certificate update activities can be handled in the future. 
+ +Signed-off-by: Michael Roth <michael.roth@amd.com> +--- + Documentation/virt/coco/sev-guest.rst | 50 +++++++++++++++++++++++++-- + arch/x86/include/asm/sev.h | 4 +++ + arch/x86/virt/svm/sev.c | 43 +++++++++++++++++++++++ + drivers/crypto/ccp/sev-dev.c | 47 +++++++++++++++++++++++++ + include/uapi/linux/psp-sev.h | 12 +++++++ + 5 files changed, 154 insertions(+), 2 deletions(-) + +diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst +index e1eaf6a830ce..dd5cf2098afd 100644 +--- a/Documentation/virt/coco/sev-guest.rst ++++ b/Documentation/virt/coco/sev-guest.rst +@@ -128,8 +128,6 @@ the SEV-SNP specification for further details. + + The SNP_GET_EXT_REPORT ioctl is similar to the SNP_GET_REPORT. The difference is + related to the additional certificate data that is returned with the report. +-The certificate data returned is being provided by the hypervisor through the +-SNP_SET_EXT_CONFIG. + + The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command provided by the SEV-SNP + firmware to get the attestation report. +@@ -176,6 +174,54 @@ to SNP_CONFIG command defined in the SEV-SNP spec. The current values of + the firmware parameters affected by this command can be queried via + SNP_PLATFORM_STATUS. + ++2.7 SNP_PAUSE_ATTESTATION / SNP_RESUME_ATTESTATION ++-------------------------------------------------- ++:Technology: sev-snp ++:Type: hypervisor ioctl cmd ++:Parameters (out): struct sev_user_data_snp_pause_transaction ++:Returns (out): 0 on success, -negative on error ++ ++When requesting attestation reports, SNP guests have the option of issuing ++an extended guest request which allows host userspace to supply additional ++certificate data that can be used to validate the signature used to sign ++the attestation report. 
This signature is generated using a key that is ++derived from the reported TCB that can be set via the SNP_SET_CONFIG and ++SNP_COMMIT ioctls, so the accompanying certificate data needs to be kept in ++sync with the changes made to the reported TCB via these ioctls. ++ ++Similarly, interfaces like SNP_LOAD_VLEK can modify the key used to sign ++the attestation reports, which may in turn require updating the certificate ++data provided to guests via extended guest requests. ++ ++To allow for updating the reported TCB, endorsement key, and any certificate ++data in a manner that is atomic to guests, the SNP_PAUSE_ATTESTATION and ++SNP_RESUME_ATTESTATION commands are provided. ++ ++After SNP_PAUSE_ATTESTATION is issued, any attestation report requests via ++extended guest requests that are in-progress, or received after ++SNP_PAUSE_ATTESTATION is issued, will result in the guest receiving a ++GHCB-defined error message instructing it to retry the request. Once all ++the desired reported TCB, endorsement keys, or certificate data updates ++are completed on the host, the SNP_RESUME_ATTESTATION command must be ++issued to allow guest attestation requests to proceed. ++ ++In general, hosts should serialize updates of this sort and never have more ++than 1 outstanding transaction in flight that could result in the ++interleaving of multiple SNP_PAUSE_ATTESTATION/SNP_RESUME_ATTESTATION pairs. ++To guard against this, SNP_PAUSE_ATTESTATION will fail if another process ++has already paused attestation requests. ++ ++However, there may be occassions where a transaction needs to be aborted due ++to unexpected activity in userspace such as timeouts, crashes, etc., so ++SNP_RESUME_ATTESTATION will always succeed. 
Nonetheless, this could ++potentially lead to SNP_RESUME_ATTESTATION being called out of sequence, so ++to allow for callers of SNP_{PAUSE,RESUME}_ATTESTATION to detect such ++occurrences, each ioctl will return a transaction ID in the response so the ++caller can monitor whether the start/end ID both match. If they don't, the ++caller should assume that attestation has been paused/resumed unexpectedly, ++and take whatever measures it deems necessary such as logging, reporting, ++auditing the sequence of events. ++ + 3. SEV-SNP CPUID Enforcement + ============================ + +diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h +index 234a998e2d2d..975e92005438 100644 +--- a/arch/x86/include/asm/sev.h ++++ b/arch/x86/include/asm/sev.h +@@ -272,6 +272,8 @@ int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immut + int rmp_make_shared(u64 pfn, enum pg_level level); + void snp_leak_pages(u64 pfn, unsigned int npages); + void kdump_sev_callback(void); ++int snp_pause_attestation(u64 *transaction_id); ++void snp_resume_attestation(u64 *transaction_id); + #else + static inline bool snp_probe_rmptable_info(void) { return false; } + static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } +@@ -285,6 +287,8 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as + static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } + static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} + static inline void kdump_sev_callback(void) { } ++static inline int snp_pause_attestation(u64 *transaction_id) { return 0; } ++static inline void snp_resume_attestation(u64 *transaction_id) {} + #endif + + #endif +diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c +index ab0e8448bb6e..09d62870306b 100644 +--- a/arch/x86/virt/svm/sev.c ++++ b/arch/x86/virt/svm/sev.c +@@ -70,6 +70,11 @@ static DEFINE_SPINLOCK(snp_leaked_pages_list_lock); + + 
static unsigned long snp_nr_leaked_pages; + ++/* For synchronizing TCB/certificate updates with extended guest requests */ ++static DEFINE_MUTEX(snp_pause_attestation_lock); ++static u64 snp_transaction_id; ++static bool snp_attestation_paused; ++ + #undef pr_fmt + #define pr_fmt(fmt) "SEV-SNP: " fmt + +@@ -568,3 +573,41 @@ void kdump_sev_callback(void) + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + wbinvd(); + } ++ ++int snp_pause_attestation(u64 *transaction_id) ++{ ++ mutex_lock(&snp_pause_attestation_lock); ++ ++ if (snp_attestation_paused) { ++ mutex_unlock(&snp_pause_attestation_lock); ++ return -EBUSY; ++ } ++ ++ /* ++ * The actual transaction ID update will happen when ++ * snp_resume_attestation() is called, so return ++ * the *anticipated* transaction ID that will be ++ * returned by snp_resume_attestation(). This is ++ * to ensure that unbalanced/aborted transactions will ++ * be noticeable when the caller that started the ++ * transaction calls snp_resume_attestation(). ++ */ ++ *transaction_id = snp_transaction_id + 1; ++ snp_attestation_paused = true; ++ ++ mutex_unlock(&snp_pause_attestation_lock); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(snp_pause_attestation); ++ ++void snp_resume_attestation(u64 *transaction_id) ++{ ++ mutex_lock(&snp_pause_attestation_lock); ++ ++ snp_attestation_paused = false; ++ *transaction_id = ++snp_transaction_id; ++ ++ mutex_unlock(&snp_pause_attestation_lock); ++} ++EXPORT_SYMBOL_GPL(snp_resume_attestation); +diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c +index 97a7959406ee..7eb18a273731 100644 +--- a/drivers/crypto/ccp/sev-dev.c ++++ b/drivers/crypto/ccp/sev-dev.c +@@ -2060,6 +2060,47 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable) + return ret; + } + ++static int sev_ioctl_do_snp_pause_attestation(struct sev_issue_cmd *argp, bool writable) ++{ ++ struct sev_user_data_snp_pause_attestation transaction = {0}; ++ struct sev_device *sev = psp_master->sev_data; 
++ int ret; ++ ++ if (!sev->snp_initialized || !argp->data) ++ return -EINVAL; ++ ++ if (!writable) ++ return -EPERM; ++ ++ ret = snp_pause_attestation(&transaction.id); ++ if (ret) ++ return ret; ++ ++ if (copy_to_user((void __user *)argp->data, &transaction, sizeof(transaction))) ++ return -EFAULT; ++ ++ return 0; ++} ++ ++static int sev_ioctl_do_snp_resume_attestation(struct sev_issue_cmd *argp, bool writable) ++{ ++ struct sev_user_data_snp_pause_attestation transaction = {0}; ++ struct sev_device *sev = psp_master->sev_data; ++ ++ if (!sev->snp_initialized || !argp->data) ++ return -EINVAL; ++ ++ if (!writable) ++ return -EPERM; ++ ++ snp_resume_attestation(&transaction.id); ++ ++ if (copy_to_user((void __user *)argp->data, &transaction, sizeof(transaction))) ++ return -EFAULT; ++ ++ return 0; ++} ++ + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) + { + void __user *argp = (void __user *)arg; +@@ -2123,6 +2164,12 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) + case SNP_VLEK_LOAD: + ret = sev_ioctl_do_snp_vlek_load(&input, writable); + break; ++ case SNP_PAUSE_ATTESTATION: ++ ret = sev_ioctl_do_snp_pause_attestation(&input, writable); ++ break; ++ case SNP_RESUME_ATTESTATION: ++ ret = sev_ioctl_do_snp_resume_attestation(&input, writable); ++ break; + default: + ret = -EINVAL; + goto out; +diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h +index 2289b7c76c59..7b35b2814a99 100644 +--- a/include/uapi/linux/psp-sev.h ++++ b/include/uapi/linux/psp-sev.h +@@ -32,6 +32,8 @@ enum { + SNP_COMMIT, + SNP_SET_CONFIG, + SNP_VLEK_LOAD, ++ SNP_PAUSE_ATTESTATION, ++ SNP_RESUME_ATTESTATION, + + SEV_MAX, + }; +@@ -241,6 +243,16 @@ struct sev_user_data_snp_wrapped_vlek_hashstick { + __u8 data[432]; /* In */ + } __packed; + ++/** ++ * struct sev_user_data_snp_pause_attestation - metadata for pausing attestation ++ * ++ * @id: the ID of the transaction started/ended by a call to 
SNP_PAUSE_ATTESTATION ++ * or SNP_RESUME_ATTESTATION, respectively. ++ */ ++struct sev_user_data_snp_pause_attestation { ++ __u64 id; /* Out */ ++} __packed; ++ + /** + * struct sev_issue_cmd - SEV ioctl parameters + * +-- +2.25.1
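Review bot: in the new 2.7 section of sev-guest.rst, the `:Parameters (out):` line names `struct sev_user_data_snp_pause_transaction`, but the uapi struct this patch adds to psp-sev.h is `struct sev_user_data_snp_pause_attestation`; the documentation should use the name that actually exists. In the same section, "occassions" should read "occasions".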
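Review bot: the `#else` stub `snp_pause_attestation()` in sev.h returns 0 without touching `*transaction_id`, whereas the neighbouring stubs (`rmp_make_private()`, `rmp_make_shared()`, `snp_lookup_rmpentry()`) return -ENODEV. A caller on a kernel built without SNP host support would believe it had paused attestation; `return -ENODEV;` keeps the stubs consistent and fails closed (sev-dev.c only avoids the problem today because it rejects the ioctl when `!sev->snp_initialized`).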
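Review bot: in the sev.c hunk, `snp_attestation_paused` is set and cleared but nothing in this patch reads it, so the GHCB retry error the documentation promises for in-flight extended guest requests must be wired up elsewhere in the series; the commit message should name that patch so this one can be reviewed against the documented behaviour. Separately, `snp_resume_attestation()` silently accepts a resume when nothing is paused; that is the documented "always succeeds" design, but a `pr_warn()` on that case would give the host log an audit trail that does not depend on every caller comparing IDs.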
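Review bot: in `sev_ioctl_do_snp_pause_attestation()`, if `copy_to_user()` fails after `snp_pause_attestation()` has succeeded, attestation stays paused while the caller only sees -EFAULT and never learns the transaction ID; guests then keep receiving retry errors until some process issues SNP_RESUME_ATTESTATION. Either call `snp_resume_attestation()` on that path before returning -EFAULT, or state in the 2.7 documentation that the caller must issue a resume on any error from the pause ioctl.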
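Review bot: adding the two commands immediately before `SEV_MAX` in psp-sev.h keeps the existing command numbers stable, which is right for uapi. The kernel-doc for `struct sev_user_data_snp_pause_attestation` could add that the ID returned by SNP_PAUSE_ATTESTATION is the anticipated ID the matching SNP_RESUME_ATTESTATION will return (as the comment in sev.c explains), since that equality is exactly what userspace is expected to check.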
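The pause/update/resume sequence and the transaction-ID check that the commit message and the new 2.7 documentation describe, as an added example in C that is not part of the patch: a host-side userspace model in which the ioctl round-trips sit behind a hypothetical `struct snp_backend` so the logic runs without `/dev/sev`, with a simulated backend that follows the kernel semantics shown in the sev.c hunk (pause hands out the anticipated next ID and fails with -EBUSY when already paused; resume always succeeds and increments the ID). `snp_cert_update_txn`, `run_sim` and `sim_leaves_paused` are names assumed here, and the fault injection (a failing update, an out-of-band resume) is constructed.

```c
/* Added example, not from the patch: userspace-side model of the documented
 * SNP_PAUSE/RESUME_ATTESTATION transaction. All names here are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct snp_backend {
	int (*pause)(void *ctx, uint64_t *id);   /* SNP_PAUSE_ATTESTATION */
	void (*resume)(void *ctx, uint64_t *id); /* SNP_RESUME_ATTESTATION */
	int (*update)(void *ctx);                /* SNP_SET_CONFIG/SNP_COMMIT/cert refresh */
	void *ctx;
};

enum txn_result {
	TXN_OK = 0,
	TXN_PAUSE_BUSY,    /* another process already paused attestation: back off */
	TXN_UPDATE_FAILED, /* update step failed; attestation was resumed regardless */
	TXN_ID_MISMATCH,   /* resume ID != pause ID: someone resumed under us, audit */
};

/* One pause/update/resume transaction. The ID pause returns is the one resume
 * must return; anything else means an interleaved resume happened and a guest
 * may have fetched a report whose certificate blob was out of sync. */
enum txn_result snp_cert_update_txn(const struct snp_backend *be)
{
	uint64_t start_id, end_id;
	int rc;
	if (be->pause(be->ctx, &start_id))
		return TXN_PAUSE_BUSY; /* never resume a pause we do not own */
	rc = be->update(be->ctx);
	/* Always resume, even on failure: guests are told to retry while paused. */
	be->resume(be->ctx, &end_id);
	if (end_id != start_id) {
		fprintf(stderr, "attestation txn %llu ended as %llu: audit required\n",
			(unsigned long long)start_id, (unsigned long long)end_id);
		return TXN_ID_MISMATCH;
	}
	return rc ? TXN_UPDATE_FAILED : TXN_OK;
}

/* Simulated kernel state, mirroring arch/x86/virt/svm/sev.c in the patch. */
struct sim_kernel {
	uint64_t transaction_id;
	bool paused;
	int update_rc;     /* constructed fault: return code of the update step */
	bool rogue_resume; /* constructed fault: out-of-band resume during the update */
};

static int sim_pause(void *ctx, uint64_t *id)
{
	struct sim_kernel *k = ctx;
	if (k->paused)
		return -EBUSY;
	*id = k->transaction_id + 1; /* anticipated ID, as in snp_pause_attestation() */
	k->paused = true;
	return 0;
}

static void sim_resume(void *ctx, uint64_t *id)
{
	struct sim_kernel *k = ctx;
	k->paused = false;
	*id = ++k->transaction_id; /* as in snp_resume_attestation() */
}

static int sim_update(void *ctx)
{
	struct sim_kernel *k = ctx;
	uint64_t scratch;
	if (k->rogue_resume)
		sim_resume(k, &scratch); /* e.g. another tool's timeout/crash cleanup */
	return k->update_rc;
}

/* One transaction against a fresh simulated kernel with the given faults. */
enum txn_result run_sim(bool already_paused, int update_rc, bool rogue_resume,
			bool *ends_paused)
{
	struct sim_kernel k = { .paused = already_paused, .update_rc = update_rc,
				.rogue_resume = rogue_resume };
	struct snp_backend be = { sim_pause, sim_resume, sim_update, &k };
	enum txn_result r = snp_cert_update_txn(&be);
	if (ends_paused)
		*ends_paused = k.paused; /* false unless the pause was never ours */
	return r;
}

bool sim_leaves_paused(bool already_paused, int update_rc, bool rogue_resume)
{
	bool p = false;
	run_sim(already_paused, update_rc, rogue_resume, &p);
	return p;
}

int main(void)
{
	printf("clean=%d interleaved=%d\n", run_sim(false, 0, false, NULL), run_sim(false, 0, true, NULL));
	return 0;
}
```

The contended case deliberately does not resume, because the pause belongs to another process; the mismatch case shows how a resume issued out of sequence is caught purely from the two IDs.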
This is useful when updating the reported TCB or signing key with\n" + "commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may\n" + "in turn require updates to userspace-supplied certificates, and if an\n" + "attestation request happens to be in-flight at the time those updates\n" + "are occurring there is potential for a guest to receive a certificate\n" + "blob that is out of sync with the effective signing key for the\n" + "attestation report.\n" + "\n" + "These interfaces also provide some versatility with how similar\n" + "firmware/certificate update activities can be handled in the future.\n" + "\n" + "Signed-off-by: Michael Roth <michael.roth@amd.com>\n" + "---\n" + " Documentation/virt/coco/sev-guest.rst | 50 +++++++++++++++++++++++++--\n" + " arch/x86/include/asm/sev.h | 4 +++\n" + " arch/x86/virt/svm/sev.c | 43 +++++++++++++++++++++++\n" + " drivers/crypto/ccp/sev-dev.c | 47 +++++++++++++++++++++++++\n" + " include/uapi/linux/psp-sev.h | 12 +++++++\n" + " 5 files changed, 154 insertions(+), 2 deletions(-)\n" + "\n" + "diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst\n" + "index e1eaf6a830ce..dd5cf2098afd 100644\n" + "--- a/Documentation/virt/coco/sev-guest.rst\n" + "+++ b/Documentation/virt/coco/sev-guest.rst\n" + "@@ -128,8 +128,6 @@ the SEV-SNP specification for further details.\n" + " \n" + " The SNP_GET_EXT_REPORT ioctl is similar to the SNP_GET_REPORT. The difference is\n" + " related to the additional certificate data that is returned with the report.\n" + "-The certificate data returned is being provided by the hypervisor through the\n" + "-SNP_SET_EXT_CONFIG.\n" + " \n" + " The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command provided by the SEV-SNP\n" + " firmware to get the attestation report.\n" + "@@ -176,6 +174,54 @@ to SNP_CONFIG command defined in the SEV-SNP spec. 
The current values of\n" + " the firmware parameters affected by this command can be queried via\n" + " SNP_PLATFORM_STATUS.\n" + " \n" + "+2.7 SNP_PAUSE_ATTESTATION / SNP_RESUME_ATTESTATION\n" + "+--------------------------------------------------\n" + "+:Technology: sev-snp\n" + "+:Type: hypervisor ioctl cmd\n" + "+:Parameters (out): struct sev_user_data_snp_pause_transaction\n" + "+:Returns (out): 0 on success, -negative on error\n" + "+\n" + "+When requesting attestation reports, SNP guests have the option of issuing\n" + "+an extended guest request which allows host userspace to supply additional\n" + "+certificate data that can be used to validate the signature used to sign\n" + "+the attestation report. This signature is generated using a key that is\n" + "+derived from the reported TCB that can be set via the SNP_SET_CONFIG and\n" + "+SNP_COMMIT ioctls, so the accompanying certificate data needs to be kept in\n" + "+sync with the changes made to the reported TCB via these ioctls.\n" + "+\n" + "+Similarly, interfaces like SNP_LOAD_VLEK can modify the key used to sign\n" + "+the attestation reports, which may in turn require updating the certificate\n" + "+data provided to guests via extended guest requests.\n" + "+\n" + "+To allow for updating the reported TCB, endorsement key, and any certificate\n" + "+data in a manner that is atomic to guests, the SNP_PAUSE_ATTESTATION and\n" + "+SNP_RESUME_ATTESTATION commands are provided.\n" + "+\n" + "+After SNP_PAUSE_ATTESTATION is issued, any attestation report requests via\n" + "+extended guest requests that are in-progress, or received after\n" + "+SNP_PAUSE_ATTESTATION is issued, will result in the guest receiving a\n" + "+GHCB-defined error message instructing it to retry the request. 
Once all\n" + "+the desired reported TCB, endorsement keys, or certificate data updates\n" + "+are completed on the host, the SNP_RESUME_ATTESTATION command must be\n" + "+issued to allow guest attestation requests to proceed.\n" + "+\n" + "+In general, hosts should serialize updates of this sort and never have more\n" + "+than 1 outstanding transaction in flight that could result in the\n" + "+interleaving of multiple SNP_PAUSE_ATTESTATION/SNP_RESUME_ATTESTATION pairs.\n" + "+To guard against this, SNP_PAUSE_ATTESTATION will fail if another process\n" + "+has already paused attestation requests.\n" + "+\n" + "+However, there may be occassions where a transaction needs to be aborted due\n" + "+to unexpected activity in userspace such as timeouts, crashes, etc., so\n" + "+SNP_RESUME_ATTESTATION will always succeed. Nonetheless, this could\n" + "+potentially lead to SNP_RESUME_ATTESTATION being called out of sequence, so\n" + "+to allow for callers of SNP_{PAUSE,RESUME}_ATTESTATION to detect such\n" + "+occurrences, each ioctl will return a transaction ID in the response so the\n" + "+caller can monitor whether the start/end ID both match. If they don't, the\n" + "+caller should assume that attestation has been paused/resumed unexpectedly,\n" + "+and take whatever measures it deems necessary such as logging, reporting,\n" + "+auditing the sequence of events.\n" + "+\n" + " 3. 
SEV-SNP CPUID Enforcement\n" + " ============================\n" + " \n" + "diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h\n" + "index 234a998e2d2d..975e92005438 100644\n" + "--- a/arch/x86/include/asm/sev.h\n" + "+++ b/arch/x86/include/asm/sev.h\n" + "@@ -272,6 +272,8 @@ int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immut\n" + " int rmp_make_shared(u64 pfn, enum pg_level level);\n" + " void snp_leak_pages(u64 pfn, unsigned int npages);\n" + " void kdump_sev_callback(void);\n" + "+int snp_pause_attestation(u64 *transaction_id);\n" + "+void snp_resume_attestation(u64 *transaction_id);\n" + " #else\n" + " static inline bool snp_probe_rmptable_info(void) { return false; }\n" + " static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; }\n" + "@@ -285,6 +287,8 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as\n" + " static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; }\n" + " static inline void snp_leak_pages(u64 pfn, unsigned int npages) {}\n" + " static inline void kdump_sev_callback(void) { }\n" + "+static inline int snp_pause_attestation(u64 *transaction_id) { return 0; }\n" + "+static inline void snp_resume_attestation(u64 *transaction_id) {}\n" + " #endif\n" + " \n" + " #endif\n" + "diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c\n" + "index ab0e8448bb6e..09d62870306b 100644\n" + "--- a/arch/x86/virt/svm/sev.c\n" + "+++ b/arch/x86/virt/svm/sev.c\n" + "@@ -70,6 +70,11 @@ static DEFINE_SPINLOCK(snp_leaked_pages_list_lock);\n" + " \n" + " static unsigned long snp_nr_leaked_pages;\n" + " \n" + "+/* For synchronizing TCB/certificate updates with extended guest requests */\n" + "+static DEFINE_MUTEX(snp_pause_attestation_lock);\n" + "+static u64 snp_transaction_id;\n" + "+static bool snp_attestation_paused;\n" + "+\n" + " #undef pr_fmt\n" + " #define pr_fmt(fmt)\t\"SEV-SNP: \" fmt\n" + " \n" + "@@ -568,3 
+573,41 @@ void kdump_sev_callback(void)\n" + " \tif (cc_platform_has(CC_ATTR_HOST_SEV_SNP))\n" + " \t\twbinvd();\n" + " }\n" + "+\n" + "+int snp_pause_attestation(u64 *transaction_id)\n" + "+{\n" + "+\tmutex_lock(&snp_pause_attestation_lock);\n" + "+\n" + "+\tif (snp_attestation_paused) {\n" + "+\t\tmutex_unlock(&snp_pause_attestation_lock);\n" + "+\t\treturn -EBUSY;\n" + "+\t}\n" + "+\n" + "+\t/*\n" + "+\t * The actual transaction ID update will happen when\n" + "+\t * snp_resume_attestation() is called, so return\n" + "+\t * the *anticipated* transaction ID that will be\n" + "+\t * returned by snp_resume_attestation(). This is\n" + "+\t * to ensure that unbalanced/aborted transactions will\n" + "+\t * be noticeable when the caller that started the\n" + "+\t * transaction calls snp_resume_attestation().\n" + "+\t */\n" + "+\t*transaction_id = snp_transaction_id + 1;\n" + "+\tsnp_attestation_paused = true;\n" + "+\n" + "+\tmutex_unlock(&snp_pause_attestation_lock);\n" + "+\n" + "+\treturn 0;\n" + "+}\n" + "+EXPORT_SYMBOL_GPL(snp_pause_attestation);\n" + "+\n" + "+void snp_resume_attestation(u64 *transaction_id)\n" + "+{\n" + "+\tmutex_lock(&snp_pause_attestation_lock);\n" + "+\n" + "+\tsnp_attestation_paused = false;\n" + "+\t*transaction_id = ++snp_transaction_id;\n" + "+\n" + "+\tmutex_unlock(&snp_pause_attestation_lock);\n" + "+}\n" + "+EXPORT_SYMBOL_GPL(snp_resume_attestation);\n" + "diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c\n" + "index 97a7959406ee..7eb18a273731 100644\n" + "--- a/drivers/crypto/ccp/sev-dev.c\n" + "+++ b/drivers/crypto/ccp/sev-dev.c\n" + "@@ -2060,6 +2060,47 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable)\n" + " \treturn ret;\n" + " }\n" + " \n" + "+static int sev_ioctl_do_snp_pause_attestation(struct sev_issue_cmd *argp, bool writable)\n" + "+{\n" + "+\tstruct sev_user_data_snp_pause_attestation transaction = {0};\n" + "+\tstruct sev_device *sev = psp_master->sev_data;\n" + 
"+\tint ret;\n" + "+\n" + "+\tif (!sev->snp_initialized || !argp->data)\n" + "+\t\treturn -EINVAL;\n" + "+\n" + "+\tif (!writable)\n" + "+\t\treturn -EPERM;\n" + "+\n" + "+\tret = snp_pause_attestation(&transaction.id);\n" + "+\tif (ret)\n" + "+\t\treturn ret;\n" + "+\n" + "+\tif (copy_to_user((void __user *)argp->data, &transaction, sizeof(transaction)))\n" + "+\t\treturn -EFAULT;\n" + "+\n" + "+\treturn 0;\n" + "+}\n" + "+\n" + "+static int sev_ioctl_do_snp_resume_attestation(struct sev_issue_cmd *argp, bool writable)\n" + "+{\n" + "+\tstruct sev_user_data_snp_pause_attestation transaction = {0};\n" + "+\tstruct sev_device *sev = psp_master->sev_data;\n" + "+\n" + "+\tif (!sev->snp_initialized || !argp->data)\n" + "+\t\treturn -EINVAL;\n" + "+\n" + "+\tif (!writable)\n" + "+\t\treturn -EPERM;\n" + "+\n" + "+\tsnp_resume_attestation(&transaction.id);\n" + "+\n" + "+\tif (copy_to_user((void __user *)argp->data, &transaction, sizeof(transaction)))\n" + "+\t\treturn -EFAULT;\n" + "+\n" + "+\treturn 0;\n" + "+}\n" + "+\n" + " static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)\n" + " {\n" + " \tvoid __user *argp = (void __user *)arg;\n" + "@@ -2123,6 +2164,12 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)\n" + " \tcase SNP_VLEK_LOAD:\n" + " \t\tret = sev_ioctl_do_snp_vlek_load(&input, writable);\n" + " \t\tbreak;\n" + "+\tcase SNP_PAUSE_ATTESTATION:\n" + "+\t\tret = sev_ioctl_do_snp_pause_attestation(&input, writable);\n" + "+\t\tbreak;\n" + "+\tcase SNP_RESUME_ATTESTATION:\n" + "+\t\tret = sev_ioctl_do_snp_resume_attestation(&input, writable);\n" + "+\t\tbreak;\n" + " \tdefault:\n" + " \t\tret = -EINVAL;\n" + " \t\tgoto out;\n" + "diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h\n" + "index 2289b7c76c59..7b35b2814a99 100644\n" + "--- a/include/uapi/linux/psp-sev.h\n" + "+++ b/include/uapi/linux/psp-sev.h\n" + "@@ -32,6 +32,8 @@ enum {\n" + " \tSNP_COMMIT,\n" + " 
\tSNP_SET_CONFIG,\n" + " \tSNP_VLEK_LOAD,\n" + "+\tSNP_PAUSE_ATTESTATION,\n" + "+\tSNP_RESUME_ATTESTATION,\n" + " \n" + " \tSEV_MAX,\n" + " };\n" + "@@ -241,6 +243,16 @@ struct sev_user_data_snp_wrapped_vlek_hashstick {\n" + " \t__u8 data[432];\t\t\t\t/* In */\n" + " } __packed;\n" + " \n" + "+/**\n" + "+ * struct sev_user_data_snp_pause_attestation - metadata for pausing attestation\n" + "+ *\n" + "+ * @id: the ID of the transaction started/ended by a call to SNP_PAUSE_ATTESTATION\n" + "+ *\tor SNP_RESUME_ATTESTATION, respectively.\n" + "+ */\n" + "+struct sev_user_data_snp_pause_attestation {\n" + "+\t__u64 id;\t\t\t\t/* Out */\n" + "+} __packed;\n" + "+\n" + " /**\n" + " * struct sev_issue_cmd - SEV ioctl parameters\n" + " *\n" + "-- \n" 2.25.1 -50530d9e7d60e26f8cf3e74f20741ffa82b2b2c4a713cf0f5e4918e86b431c04 +44ef479c247c07c1fc7621dca51e8081ad9cf13941b602bae76d3d22eca3c4f4
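Review bot: in the Documentation/virt/coco/sev-guest.rst hunk at @@ -128,8 +128,6 @@, dropping the two lines about SNP_SET_EXT_CONFIG leaves the SNP_GET_EXT_REPORT paragraph stating that certificate data is returned without saying where it comes from; a replacement sentence pointing at the host-userspace-supplied certificate data described in the new section 2.7 would keep that paragraph self-contained.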
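Review bot: in the Documentation hunk at @@ -176,6 +174,54 @@, ":Parameters (out): struct sev_user_data_snp_pause_transaction" does not match the UAPI type this patch adds to include/uapi/linux/psp-sev.h, which is "struct sev_user_data_snp_pause_attestation"; the same hunk refers to "SNP_LOAD_VLEK" while the enum, the commit message and sev-dev.c use SNP_VLEK_LOAD, and "occassions" should read "occasions".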
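Review bot: in the arch/x86/include/asm/sev.h hunk at @@ -285,6 +287,8 @@, the !CONFIG stub "static inline int snp_pause_attestation(u64 *transaction_id) { return 0; }" reports success without pausing anything and without writing *transaction_id, whereas the neighbouring stubs for snp_lookup_rmpentry and rmp_make_shared return -ENODEV; returning -ENODEV here would be consistent with them and would stop a caller from believing its TCB/certificate update is atomic when host SNP support is compiled out.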
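Review bot: in the arch/x86/virt/svm/sev.c hunk at @@ -70,6 +70,11 @@, "static bool snp_attestation_paused;" is only ever written by the two functions added in this patch; nothing in the patch reads it on the extended-guest-request path that the commit message says will return a GHCB retry error, so the commit message should name the patch (or helper) that consults the flag, otherwise the pause is a no-op as far as this patch can show.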
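Review bot: in the sev.c hunk at @@ -568,3 +573,41 @@, snp_resume_attestation() clears snp_attestation_paused and bumps snp_transaction_id without checking whether a pause was in progress; the .rst states that an always-succeeding resume is intentional so aborted transactions can be recovered, but detection of an out-of-sequence resume is then left entirely to the caller comparing IDs, so a pr_warn() under the mutex when snp_attestation_paused is already false would leave a host-side record of the unbalanced call that the affected caller cannot produce itself.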
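Review bot: in the drivers/crypto/ccp/sev-dev.c hunk at @@ -2060,6 +2060,47 @@, sev_ioctl_do_snp_pause_attestation() calls snp_pause_attestation() and then returns -EFAULT if copy_to_user() fails, which leaves attestation paused globally while the caller never receives the transaction ID it would need to notice the problem; calling snp_resume_attestation() on the copy failure before returning -EFAULT (at the cost of consuming one ID) would avoid leaving the host stuck in the paused state. The snp_initialized/argp->data/writable checks are duplicated verbatim between the two new handlers and could live in one helper.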