From: Tom Lendacky <thomas.lendacky@amd.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
Ashish Kalra <ashish.kalra@amd.com>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
linux-coco@lists.linux.dev,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Michael Roth <michael.roth@amd.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Russ Weight <russ.weight@linux.dev>,
Danilo Krummrich <dakr@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Tianfei zhang <tianfei.zhang@intel.com>,
Alexey Kardashevskiy <aik@amd.com>,
linux-crypto@vger.kernel.org
Subject: Re: [PATCH v5 07/10] crypto: ccp: Add preferred access checking method
Date: Tue, 12 Nov 2024 15:08:43 -0600 [thread overview]
Message-ID: <5212b2a8-a20a-3702-de07-7c3e3b7e8dcc@amd.com> (raw)
In-Reply-To: <CAAH4kHaAqh1R6CGBKXNsO+uQnscwGo0Y06MTny8CebSWK9QMaw@mail.gmail.com>
On 11/12/24 13:47, Dionna Amalie Glaze wrote:
> On Mon, Nov 11, 2024 at 2:46 PM Tom Lendacky <thomas.lendacky@amd.com> wrote:
>>
>> On 11/7/24 17:24, Dionna Glaze wrote:
>>> sev_issue_cmd_external_user is the only function that checks permissions
>>> before performing its task. With the new GCTX API, it's important to
>>> establish permission once and have that determination dominate later API
>>> uses. This is implicitly how ccp has been used by dominating uses of
>>> sev_do_cmd by a successful sev_issue_cmd_external_user call.
>>>
>>> Consider sev_issue_cmd_external_user deprecated by
>>> checking if a held file descriptor passes file_is_sev, similar to the
>>> file_is_kvm function.
>>>
>>> This also fixes the header comment that the bad file error code is
>>> -%EINVAL when in fact it is -%EBADF.
>>
>> Same comment as before. This commit merely creates a helper function, so
>> this commit message is not appropriate.
>>
>
> Is this a meta-comment about how the commit presupposes being in a
> series with a goal, but should have a self-contained commit message? I
> don't know what "same comment as before" you're referring to.
I made the same comment in your previous series.
> How about this:
>
> crypto: ccp: Add file_is_sev to identify access
>
> Access to the ccp driver only needs to be determined once, so
once per KVM ioctl invocation
> sev_issue_cmd_external_user called in a loop (e.g. for
> SNP_LAUNCH_UPDATE) does more than it needs to.
>
> The file_is_sev function allows the caller to determine access before using
> sev_do_cmd or other API methods multiple times without extra access
> checking.
>
> This also fixes the header comment that the bad file error code is
> -%EINVAL when in fact it is -%EBADF.
Yes, I like this better.
Thanks,
Tom
>
>
>
>
next prev parent reply other threads:[~2024-11-12 21:08 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241107232457.4059785-1-dionnaglaze@google.com>
2024-11-07 23:24 ` [PATCH v5 04/10] crypto: ccp: Fix uapi definitions of PSP errors Dionna Glaze
2024-11-08 16:14 ` Tom Lendacky
2024-11-08 22:13 ` Dionna Amalie Glaze
2024-11-07 23:24 ` [PATCH v5 05/10] crypto: ccp: Add GCTX API to track ASID assignment Dionna Glaze
2024-11-08 17:24 ` Tom Lendacky
2024-11-08 22:13 ` Dionna Amalie Glaze
2024-11-11 17:13 ` Tom Lendacky
2024-11-11 21:16 ` Kalra, Ashish
2024-11-11 21:35 ` Dionna Amalie Glaze
2024-11-11 21:48 ` Kalra, Ashish
2024-11-07 23:24 ` [PATCH v5 06/10] crypto: ccp: Add DOWNLOAD_FIRMWARE_EX support Dionna Glaze
2024-11-08 15:42 ` Dionna Amalie Glaze
2024-11-08 17:44 ` Tom Lendacky
2024-11-08 22:13 ` Dionna Amalie Glaze
2024-11-11 22:10 ` Kalra, Ashish
2024-11-11 22:37 ` Dionna Amalie Glaze
2024-11-07 23:24 ` [PATCH v5 07/10] crypto: ccp: Add preferred access checking method Dionna Glaze
2024-11-11 22:46 ` Tom Lendacky
2024-11-12 19:47 ` Dionna Amalie Glaze
2024-11-12 21:08 ` Tom Lendacky [this message]
2024-11-07 23:24 ` [PATCH v5 08/10] KVM: SVM: move sev_issue_cmd_external_user to new API Dionna Glaze
2024-11-12 15:52 ` Tom Lendacky
2024-11-12 19:30 ` Dionna Amalie Glaze
2024-11-12 22:06 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5212b2a8-a20a-3702-de07-7c3e3b7e8dcc@amd.com \
--to=thomas.lendacky@amd.com \
--cc=aik@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dakr@redhat.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dionnaglaze@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rafael@kernel.org \
--cc=russ.weight@linux.dev \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tianfei.zhang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox