In-Reply-To: <20231016132819.1002933-47-michael.roth@amd.com>
From: Dionna Amalie Glaze
Date: Mon, 16 Oct 2023 16:11:45 -0700
Subject: Re: [PATCH v10 46/50] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh , Alexey Kardashevskiy

> +/** > + * struct sev_data_snp_ext_config - system wide configuration value for SNP. > + * > + * @config_address: address of the struct sev_user_data_snp_config or 0 when > + * reported_tcb does not need to be updated. > + * @certs_address: address of extended guest request certificate chain or > + * 0 when previous certificate should be removed on SNP_SET_EXT_CONFIG. > + * @certs_len: length of the certs > + */ > +struct sev_user_data_ext_snp_config { > + __u64 config_address; /* In */ > + __u64 certs_address; /* In */ > + __u32 certs_len; /* In */ > +} __packed; > +

Can we add a generation number to this? Whenever user space sets the certs blob it will invalidate the instance-specific certificates that are settable in KVM. The VMM will need to weave the instance-specific data with the new certs installed at the machine level since we're not adding interpretation of the cert blob to KVM.

--
-Dionna Glaze, PhD (she/her)
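
Review bot: the kernel-doc header in the quoted hunk names "struct sev_data_snp_ext_config", but the structure declared directly below it is "struct sev_user_data_ext_snp_config"; the comment should carry the declared name so the documentation attaches to the right structure. In the same comment, "@certs_len: length of the certs" gives no unit and does not say what value is expected when certs_address is 0 to remove the previous certificate; stating both would make the user-space interface unambiguous.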