From: Brijesh Singh
To: Borislav Petkov
Cc: brijesh.singh@amd.com, kvm@vger.kernel.org, Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
Date: Fri, 27 Oct 2017 06:28:38 -0500
Message-ID: <323f3862-b326-e6b4-015f-6d923d7c700f@amd.com>
In-Reply-To: <20171027075650.GA1276@nazgul.tnic>
References: <20171020023413.122280-1-brijesh.singh@amd.com> <20171020023413.122280-14-brijesh.singh@amd.com> <20171023092020.GB19523@nazgul.tnic> <20171026135614.GA12359@nazgul.tnic> <9258d8e7-b185-01d2-be92-d7d2820c7eb6@amd.com> <20171026174427.GB29782@nazgul.tnic> <20171026201322.GA32181@nazgul.tnic> <89f4ec21-e31e-18f2-27c5-946c38cd128d@amd.com> <20171027075650.GA1276@nazgul.tnic>

On 10/27/17 2:56 AM, Borislav Petkov wrote:
> On Thu, Oct 26, 2017 at 03:59:32PM -0500, Brijesh Singh wrote:
>> we can workaround #1 by adding some hooks in sp_pci_init() to invoke the PSP
>> initialization routines after pci_register_driver() is done but #2 can get
>> painful because it will require us calling the SHUTDOWN outside the
>> sp_pci_exit() code flow.
>
> Ok, do that and init the PSP master and then put the device in UNINIT
> state only in the functions which execute those commands which need the
> device to be in UNINIT state, e.g., wrap the SEV_CMD_FACTORY_RESET glue
> in a command function which does put the device in the UNINIT state as a
> first step.

Transitioning a platform to the UNINIT state to handle the FACTORY_RESET
can have a negative consequence. Consider this scenario:

Process A
---------
sev_launch_start(...)

while (count < 10000) {
    sev_launch_update(...)
}

sev_launch_finish()
...
...

Process B:
---------
....
sev_factory_reset();
....

If, in order to handle the FACTORY_RESET, we transition a platform to the
UNINIT state, then it will result in an unexpected failure from
sev_launch_update(), because the FACTORY_RESET command removes all the
state information created by sev_launch_start() etc.

I think our design so far is simple: if a command requires INIT state then
the caller executes sev_platform_init(), then the command, and finishes
with sev_platform_shutdown(). If a command does not require INIT state,
then simply issue the command. E.g., currently, when the caller issues
FACTORY_RESET we pass the command directly to the PSP, and if the FW is in
INIT state then FACTORY_RESET returns an error (INVALID_STATE/EBUSY) and we
propagate the error code to userspace. The user can retry the command
sometime later when nobody else is using the PSP.

>
> Then, when that function is done, put the device in the mode which the
> other commands would expect it to be in, e.g., INIT state.
>
> This way you'll simplify the whole command flow considerably and won't
> have to "toggle" the device each time and will save yourself a lot of
> time on command execution.
>
> Thx.
>
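
Added example, not part of the original mail and not ccp driver code: a toy C model of the Process A / Process B scenario above, comparing a pass-through FACTORY_RESET with one that forces the platform to UNINIT first. The struct, function names and error codes are hypothetical, and the rule that leaving INIT discards guest context is an assumption of the model.

```c
/* Added illustration: toy model of the platform state, not the ccp driver. */
#include <stdbool.h>
#include <stdio.h>
enum plat_state { UNINIT, INIT };
enum { OK = 0, ERR_INVALID_STATE = -1, ERR_NO_GUEST = -2 }; /* model-only codes */
struct psp { enum plat_state state; bool guest_ctx; };      /* hypothetical */
static void platform_init(struct psp *p) { p->state = INIT; }
/* Assumption of this model: leaving INIT discards guest context. */
static void platform_shutdown(struct psp *p) { p->state = UNINIT; p->guest_ctx = false; }

static int launch_start(struct psp *p)
{
    if (p->state != INIT) return ERR_INVALID_STATE;
    p->guest_ctx = true;              /* state later commands depend on */
    return OK;
}

static int launch_update(struct psp *p)
{
    if (p->state != INIT) return ERR_INVALID_STATE;
    return p->guest_ctx ? OK : ERR_NO_GUEST;
}

/* force=false: pass-through, refused while INIT. force=true: wrapper variant. */
static int factory_reset(struct psp *p, bool force)
{
    if (force) platform_shutdown(p);
    if (p->state != UNINIT) return ERR_INVALID_STATE;
    p->guest_ctx = false;             /* reset wipes everything */
    if (force) platform_init(p);      /* back to what other commands expect */
    return OK;
}

/* Process A starts a launch, process B resets, A continues. Returns A's result. */
static int scenario(bool force, int *rc_b)
{
    struct psp p = { UNINIT, false };
    platform_init(&p);
    launch_start(&p);
    *rc_b = factory_reset(&p, force);
    return launch_update(&p);
}

int main(void)
{
    int b1, b2, a1 = scenario(false, &b1), a2 = scenario(true, &b2);
    printf("pass-through: reset=%d update=%d\nforced: reset=%d update=%d\n", b1, a1, b2, a2);
    return 0;
}
```

In the pass-through case the reset caller gets the error and can retry; in the forced case the reset succeeds and the failure surfaces in the unrelated launch flow.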