Date: Thu, 23 Feb 2023 10:14:57 +0200
From: Zhi Wang
To: "Kalra, Ashish"
Cc: Michael Roth, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, nikunj.dadhania@amd.com, Brijesh Singh
Subject: Re: [PATCH RFC v8 28/56] crypto: ccp: Provide APIs to query extended attestation report
Message-ID: <20230223101457.000051ae@gmail.com>
In-Reply-To: <8462a7e8-f021-6b55-75b4-5dbdaf013897@amd.com>
References: <20230220183847.59159-1-michael.roth@amd.com> <20230220183847.59159-29-michael.roth@amd.com> <20230222222421.00001a62@gmail.com> <8462a7e8-f021-6b55-75b4-5dbdaf013897@amd.com>

On Wed, 22 Feb 2023 16:35:43 -0600 "Kalra, Ashish" wrote:

> On 2/22/2023 2:24 PM, Zhi Wang wrote:
> > On Mon, 20 Feb 2023 12:38:19 -0600
> > Michael Roth wrote:
> >
> > It seems in the discussion:
> > https://lore.kernel.org/lkml/f18fae8b-a928-cd82-e0b3-eac62ad3e106@amd.com/,
> > this API is going to be removed. Will that fix land in this patch series or not?
> > If not, it would be better to mention it in the comment message of this one
> > or patch 45.
> > If yes, I guess this patch is not needed.
> >
>
> This API is definitely not going to be removed.
>
> There will be some fixes and optimizations added to the API
> implementation (as per the discussions) and that will be included in v9.
>

Thanks. I should use the term "this API is going to be refined" as
snp_guest_ext_guest_request() is going to be renamed and refined.

I gave this comment because when digging this patch, I found this API was
going to be changed in the discussion based on v7. It would be really nice
to mention it in v8 so that some review efforts can be saved. For example,
some people might choose to skip reviewing this one in v8 and get back to it
in the next version when it is ready. Or people can also evaluate the
possible changes in v9 when reviewing this part.

> Thanks,
> Ashish
>
> >> From: Brijesh Singh
> >>
> >> Version 2 of the GHCB specification defines VMGEXIT that is used to get
> >> the extended attestation report. The extended attestation report includes
> >> the certificate blobs provided through the SNP_SET_EXT_CONFIG.
> >>
> >> The snp_guest_ext_guest_request() will be used by the hypervisor to get
> >> the extended attestation report. See the GHCB specification for more
> >> details.
> >>
> >> Signed-off-by: Brijesh Singh
> >> Signed-off-by: Ashish Kalra
> >> Signed-off-by: Michael Roth
> >> --- > >> drivers/crypto/ccp/sev-dev.c | 47 ++++++++++++++++++++++++++++++++++++ > >> include/linux/psp-sev.h | 33 +++++++++++++++++++++++++ > >> 2 files changed, 80 insertions(+) > >> > >> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > >> index b56b00ca2cd4..e65563bc8298 100644 > >> --- a/drivers/crypto/ccp/sev-dev.c
> >> +++ b/drivers/crypto/ccp/sev-dev.c > >> @@ -2017,6 +2017,53 @@ int sev_guest_df_flush(int *error) > >> } > >> EXPORT_SYMBOL_GPL(sev_guest_df_flush); > >> > >> +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > >> + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) > >> +{ > >> + unsigned long expected_npages; > >> + struct sev_device *sev; > >> + int rc; > >> + > >> + if (!psp_master || !psp_master->sev_data) > >> + return -ENODEV; > >> + > >> + sev = psp_master->sev_data; > >> + > >> + if (!sev->snp_initialized) > >> + return -EINVAL; > >> + > >> + mutex_lock(&sev->snp_certs_lock); > >> + /* > >> + * Check if there is enough space to copy the certificate chain. Otherwise > >> + * return ERROR code defined in the GHCB specification. > >> + */ > >> + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; > >> + if (*npages < expected_npages) { > >> + *npages = expected_npages; > >> + *fw_err = SNP_GUEST_REQ_INVALID_LEN; > >> + mutex_unlock(&sev->snp_certs_lock); > >> + return -EINVAL; > >> + } > >> + > >> + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)fw_err); > >> + if (rc) { > >> + mutex_unlock(&sev->snp_certs_lock); > >> + return rc; > >> + } > >> + > >> + /* Copy the certificate blob */ > >> + if (sev->snp_certs_data) { > >> + *npages = expected_npages; > >> + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); > >> + } else { > >> + *npages = 0; > >> + } > >> + > >> + mutex_unlock(&sev->snp_certs_lock); > >> + return rc; > >> +} > >> +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); > >> + > >> static void sev_exit(struct kref *ref) > >> { > >> misc_deregister(&misc_dev->misc); > >> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > >> index d19744807471..81bafc049eca 100644 > >> --- a/include/linux/psp-sev.h > >> +++ b/include/linux/psp-sev.h 
> >> @@ -931,6 +931,32 @@ void snp_free_firmware_page(void *addr); > >> */ > >> void snp_mark_pages_offline(unsigned long pfn, unsigned int npages); > >> > >> +/** > >> + * snp_guest_ext_guest_request - perform the SNP extended guest request command > >> + * defined in the GHCB specification. > >> + * > >> + * @data: the input guest request structure > >> + * @vaddr: address where the certificate blob need to be copied. > >> + * @npages: number of pages for the certificate blob. > >> + * If the specified page count is less than the certificate blob size, then the > >> + * required page count is returned with error code defined in the GHCB spec. > >> + * If the specified page count is more than the certificate blob size, then > >> + * page count is updated to reflect the amount of valid data copied in the > >> + * vaddr. > >> + * > >> + * @sev_ret: sev command return code > >> + * > >> + * Returns: > >> + * 0 if the sev successfully processed the command > >> + * -%ENODEV if the sev device is not available > >> + * -%ENOTSUPP if the sev does not support SEV > >> + * -%ETIMEDOUT if the sev command timed out > >> + * -%EIO if the sev returned a non-zero return code > >> + */ > >> +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > >> + unsigned long vaddr, unsigned long *npages, > >> + unsigned long *error); > >> + > >> #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ > >> > >> static inline int > >> @@ -968,6 +994,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) > >> > >> static inline void snp_free_firmware_page(void *addr) { } > >> > >> +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > >> + unsigned long vaddr, unsigned long *n, > >> + unsigned long *error) > >> +{ > >> + return -ENODEV; > >> +} > >> + > >> #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ > >> > >> #endif /* __PSP_SEV_H__ */ > >
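
Review bot: in the sev-dev.c hunk, "expected_npages = sev->snp_certs_len >> PAGE_SHIFT" rounds down, so unless snp_certs_len is guaranteed to be a multiple of PAGE_SIZE, both the space check and the later memcpy() cover less than the whole certificate blob, and a blob shorter than one page yields zero pages. Either round the page count up (for example PAGE_ALIGN(sev->snp_certs_len) >> PAGE_SHIFT) while copying only snp_certs_len bytes, or state the alignment invariant in the comment above the check. Separately, passing "(int *)fw_err" to sev_do_cmd() lets the callee write only an int-sized part of the unsigned long, so zero *fw_err on entry or use a local int and assign it afterwards.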
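
Review bot: the kernel-doc added in psp-sev.h documents @sev_ret, but the prototype directly below names that parameter "error" and the definition in sev-dev.c calls it "fw_err", so the argument is effectively undocumented; use one name in all three places. The Returns list also omits -EINVAL, which the implementation returns both when SNP is not initialized and when *npages is too small. The second case is the one a caller has to recognise in order to retry with the updated page count, so it should be listed together with the SNP_GUEST_REQ_INVALID_LEN firmware error it sets.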
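
Review bot: the !CONFIG_CRYPTO_DEV_SP_PSP stub names its third parameter "n" where the real prototype uses "npages"; keep the parameter names identical in the stub so the two declarations match. The stub also returns -ENODEV without touching *n or *error, so callers must not read either output on that path; a short comment saying so, or zeroing them in the stub, would make that explicit.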