From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: x86@kernel.org, Dave Hansen <dave.hansen@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev
Subject: Re: [PATCH v1] virt: tdx-guest: Handle GetQuote request error code
Date: Tue, 9 Jan 2024 19:56:56 -0800 [thread overview]
Message-ID: <6805ad1f-2c91-4a8d-98c9-5da337dd13f6@linux.intel.com> (raw)
In-Reply-To: <20240109131740.nk54gdmri6gpwkta@box.shutemov.name>
On 1/9/2024 5:17 AM, Kirill A . Shutemov wrote:
> On Tue, Jan 09, 2024 at 05:46:04AM +0000, Kuppuswamy Sathyanarayanan wrote:
>> Currently when a user requests for the Quote generation, the Quote
>> generation handler (tdx_report_new()) only checks whether the VMM
>> successfully processes the Quote generation request (status !=
>> GET_QUOTE_IN_FLIGHT) and returns the output to the user without
>> validating the status of the output data. Since VMM can return error
>> even after processing the Quote request, returning success just after
>> successful processing will create confusion to the user. Although for
>> the failed request, output buffer length will be zero and can also be
>> used by the user to identify the failure case, it will be more clear to
>> return error for all failed cases. So validate the Quote output status
>> and return error code for all failed cases.
>
> Could you split commit message into several paragraphs? It would be easier
> to get along.
>
> It can be helpful to follow structure like:
>
> <Background>
>
> <Problem>
>
> <Solution>
>
How about the following version?
During the TDX guest attestation process, TSM ConfigFS ABI is used by
the user attestation agent to get the signed VM measurement data (a.k.a
Quote), which can be used by a remote verifier to validate the
trustworthiness of the guest. When a user requests for the Quote data
via the ConfigFS ABI, the TDX Quote generation handler
(tdx_report_new()) forwards the request to VMM (or QE) via a hypercall,
and then shares the output with the user.
Currently, when handling the Quote generation request, tdx_report_new()
handler only checks whether the VMM successfully processed the request
and if it is true it returns success and shares the output to the user
without actually validating the output data. Since the VMM can return
error even after processing the Quote request, always returning success
for the processed requests is incorrect and will create confusion to
the user. Although for the failed request, output buffer length will
be zero and can also be used by the user to identify the failure case,
it will be more clear to return error for all failed cases.
So when handling the Quote generation request, validate the Quote data
output status and return error code for all failed cases.
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
next prev parent reply other threads:[~2024-01-10 3:56 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-09 5:46 [PATCH v1] virt: tdx-guest: Handle GetQuote request error code Kuppuswamy Sathyanarayanan
2024-01-09 13:17 ` Kirill A . Shutemov
2024-01-10 3:56 ` Kuppuswamy Sathyanarayanan [this message]
2024-01-10 12:54 ` Kirill A . Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6805ad1f-2c91-4a8d-98c9-5da337dd13f6@linux.intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox