Date: Wed, 22 Feb 2023 22:24:21 +0200
From: Zhi Wang
To: Michael Roth
Cc: Brijesh Singh
Subject: Re: [PATCH RFC v8 28/56] crypto: ccp: Provide APIs to query extended attestation report
Message-ID: <20230222222421.00001a62@gmail.com>
In-Reply-To: <20230220183847.59159-29-michael.roth@amd.com>

On Mon, 20 Feb 2023 12:38:19 -0600
Michael Roth wrote:

It seems in the discussion:
https://lore.kernel.org/lkml/f18fae8b-a928-cd82-e0b3-eac62ad3e106@amd.com/,
this API is going to be removed. Will that fix land in this patch series or
not? If not, it would be better to mention it in the comment message of this
one or patch 45. If yes, I guess this patch is not needed.

> From: Brijesh Singh
>
> Version 2 of the GHCB specification defines VMGEXIT that is used to get
> the extended attestation report. The extended attestation report includes
> the certificate blobs provided through the SNP_SET_EXT_CONFIG.
>
> The snp_guest_ext_guest_request() will be used by the hypervisor to get
> the extended attestation report. See the GHCB specification for more
> details.
>
> Signed-off-by: Brijesh Singh
> Signed-off-by: Ashish Kalra
> Signed-off-by: Michael Roth > --- > drivers/crypto/ccp/sev-dev.c | 47 ++++++++++++++++++++++++++++++++++++ > include/linux/psp-sev.h | 33 +++++++++++++++++++++++++ > 2 files changed, 80 insertions(+) > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > index b56b00ca2cd4..e65563bc8298 100644 > --- a/drivers/crypto/ccp/sev-dev.c > +++ b/drivers/crypto/ccp/sev-dev.c > @@ -2017,6 +2017,53 @@ int sev_guest_df_flush(int *error) > } > EXPORT_SYMBOL_GPL(sev_guest_df_flush); > > +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) > +{ > + unsigned long expected_npages; > + struct sev_device *sev; > + int rc; > + > + if (!psp_master || !psp_master->sev_data) > + return -ENODEV; > + > + sev = psp_master->sev_data; > + > + if (!sev->snp_initialized) > + return -EINVAL; > + > + mutex_lock(&sev->snp_certs_lock); > + /* > + * Check if there is enough space to copy the certificate chain. Otherwise > + * return ERROR code defined in the GHCB specification. > + */ > + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; > + if (*npages < expected_npages) { > + *npages = expected_npages; > + *fw_err = SNP_GUEST_REQ_INVALID_LEN; > + mutex_unlock(&sev->snp_certs_lock); > + return -EINVAL; > + } > + > + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)fw_err); > + if (rc) { > + mutex_unlock(&sev->snp_certs_lock); > + return rc; > + } > + > + /* Copy the certificate blob */ > + if (sev->snp_certs_data) { > + *npages = expected_npages; > + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); > + } else { > + *npages = 0; > + } > + > + mutex_unlock(&sev->snp_certs_lock); > + return rc; > +} > +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); > + > static void sev_exit(struct kref *ref) > { > misc_deregister(&misc_dev->misc); > diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > index d19744807471..81bafc049eca 100644 
> --- a/include/linux/psp-sev.h > +++ b/include/linux/psp-sev.h > @@ -931,6 +931,32 @@ void snp_free_firmware_page(void *addr); > */ > void snp_mark_pages_offline(unsigned long pfn, unsigned int npages); > > +/** > + * snp_guest_ext_guest_request - perform the SNP extended guest request command > + * defined in the GHCB specification. > + * > + * @data: the input guest request structure > + * @vaddr: address where the certificate blob need to be copied. > + * @npages: number of pages for the certificate blob. > + * If the specified page count is less than the certificate blob size, then the > + * required page count is returned with error code defined in the GHCB spec. > + * If the specified page count is more than the certificate blob size, then > + * page count is updated to reflect the amount of valid data copied in the > + * vaddr. > + * > + * @sev_ret: sev command return code > + * > + * Returns: > + * 0 if the sev successfully processed the command > + * -%ENODEV if the sev device is not available > + * -%ENOTSUPP if the sev does not support SEV > + * -%ETIMEDOUT if the sev command timed out > + * -%EIO if the sev returned a non-zero return code > + */ > +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *npages, > + unsigned long *error); > + > #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ > > static inline int > @@ -968,6 +994,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) > > static inline void snp_free_firmware_page(void *addr) { } > > +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *n, > + unsigned long *error) > +{ > + return -ENODEV; > +} > + > #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ > > #endif /* __PSP_SEV_H__ */
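Review bot: In snp_guest_ext_guest_request() in drivers/crypto/ccp/sev-dev.c, the call sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)fw_err) casts an unsigned long * to int *, so on a 64-bit build the firmware-error path writes only half of *fw_err, while the too-small-buffer path assigns the full unsigned long (*fw_err = SNP_GUEST_REQ_INVALID_LEN). A caller that did not zero *fw_err beforehand can read stale upper bits. Suggest passing a local int to sev_do_cmd() and assigning it to *fw_err afterwards. Separately, expected_npages = sev->snp_certs_len >> PAGE_SHIFT rounds down, so unless snp_certs_len is guaranteed to be page-aligned where it is set (not visible in this patch), the tail of the blob is never copied and a blob shorter than one page yields zero pages; rounding up would cover that, provided snp_certs_data is allocated to the rounded-up size so the memcpy() does not read past it.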
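Review bot: The kernel-doc for snp_guest_ext_guest_request() in include/linux/psp-sev.h does not match the function: it documents @sev_ret, but the prototype's last parameter is named error (and fw_err in the definition in sev-dev.c), and the Returns list omits -EINVAL, which the definition returns both when SNP is not initialized and when *npages is too small. Suggest using one parameter name across the prototype, the !CONFIG_CRYPTO_DEV_SP_PSP stub (which also shortens npages to n) and the definition, documenting it under that name, and adding -EINVAL to the Returns list together with a note that *npages and the firmware error are updated in the too-small case.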