From: Dionna Amalie Glaze
Date: Mon, 16 Oct 2023 16:18:16 -0700
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh, Alexey Kardashevskiy
References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-49-michael.roth@amd.com>
In-Reply-To: <20231016132819.1002933-49-michael.roth@amd.com>

> +
> + /*
> + * If a VMM-specific certificate blob hasn't been provided, grab the
> + * host-wide one.
> + */
> + snp_certs = sev_snp_certs_get(sev->snp_certs);
> + if (!snp_certs)
> + snp_certs = sev_snp_global_certs_get();
> +

This is where the generation I suggested adding would get checked.
If the instance certs' generation is not the global generation, then I
think we need a way to return to the VMM to make that right before
continuing to provide outdated certificates.
This might be an unreasonable request, but the fact that the certs and
reported_tcb can be set while a VM is running makes this an issue.

-- 
-Dionna Glaze, PhD (she/her)
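
Review bot: The fallback assignment "snp_certs = sev_snp_global_certs_get();" is not followed by any check in the quoted lines, so if neither an instance blob nor a host-wide blob has been set and that call can return NULL, snp_certs is still NULL when the hunk ends. Either test it here and take the no-certificates path explicitly, or extend the comment to say that NULL is a valid result and which later code handles it. The two "_get" names also read as taking a reference on the blob; if they do, a short note on where the matching release happens on each exit path would make the lifetime easier to review, since the reply above points out that the certs can be replaced while the VM is running.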