Date: Wed, 18 Oct 2023 13:38:46 -0700
In-Reply-To: <09556ee3-3d9c-0ecc-0b4a-3df2d6bb5255@amd.com>
References: <20231016132819.1002933-1-michael.roth@amd.com>
 <20231016132819.1002933-49-michael.roth@amd.com>
 <09556ee3-3d9c-0ecc-0b4a-3df2d6bb5255@amd.com>
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
From: Sean Christopherson
To: Ashish Kalra
Cc: Alexey Kardashevskiy, Dionna Amalie Glaze, Michael Roth,
 kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org,
 linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de,
 thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org,
 pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
 luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com,
 pgonda@google.com, peterz@infradead.org,
 srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
 marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com,
 alpergun@google.com, jarkko@kernel.org, nikunj.dadhania@amd.com,
 pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com,
 Brijesh Singh

On Wed, Oct 18, 2023, Ashish Kalra wrote:
> > static int snp_handle_ext_guest_request(struct vcpu_svm *svm)
> > {
> > 	struct kvm_vcpu *vcpu = &svm->vcpu;
> > 	struct kvm *kvm = vcpu->kvm;
> > 	struct kvm_sev_info *sev;
> > 	unsigned long exitcode;
> > 	u64 data_gpa;
> >
> > 	if (!sev_snp_guest(vcpu->kvm)) {
> > 		ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SEV_RET_INVALID_GUEST);
> > 		return 1;
> > 	}
> >
> > 	data_gpa = vcpu->arch.regs[VCPU_REGS_RAX];
> > 	if (!IS_ALIGNED(data_gpa, PAGE_SIZE)) {
> > 		ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SEV_RET_INVALID_ADDRESS);
> > 		return 1;
> > 	}
> >
> > 	vcpu->run->hypercall.nr = KVM_HC_SNP_GET_CERTS;
> > 	vcpu->run->hypercall.args[0] = data_gpa;
> > 	vcpu->run->hypercall.args[1] = vcpu->arch.regs[VCPU_REGS_RBX];
> > 	vcpu->run->hypercall.flags = KVM_EXIT_HYPERCALL_LONG_MODE;
> > 	vcpu->arch.complete_userspace_io = snp_complete_ext_guest_request;
> > 	return 0;
> > }
> >
>
> IIRC, the important consideration here is to ensure that getting the
> attestation report and retrieving the certificates appears atomic to the
> guest. When SNP live migration is supported we don't want a case where the
> guest could have migrated between the call to obtain the certificates and
> obtaining the attestation report, which can potentially cause failure of
> validation of the attestation report.

Where does "obtaining the attestation report" happen?  I see the guest request
and the certificate stuff, I don't see anything about attestation reports (though
I'm not looking very closely).
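
The atomicity concern quoted above, as a toy model added here for illustration; it is not code from this thread or from KVM. All names (`split_fetch`, `atomic_fetch`, `toy_sign`, the structs) are hypothetical, the hosts are constructed sample data, and `toy_sign()` is a placeholder for a real signature under the assumption that each host signs reports with a per-chip key.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Toy model; every name here is hypothetical. toy_sign() is NOT cryptography. */
struct host   { uint32_t chip_id, key; };        /* assumed: key is per chip */
struct cert   { uint32_t chip_id, key; };        /* stands in for the cert chain */
struct report { uint32_t chip_id, nonce, sig; };
static uint32_t toy_sign(uint32_t key, uint32_t chip_id, uint32_t nonce)
{
	return (key ^ chip_id) * 2654435761u + nonce;
}
static struct cert get_certs(const struct host *h)
{
	return (struct cert){ h->chip_id, h->key };
}
static struct report get_report(const struct host *h, uint32_t nonce)
{
	return (struct report){ h->chip_id, nonce, toy_sign(h->key, h->chip_id, nonce) };
}

/* Guest-side check: the certificate must belong to the chip that signed. */
static bool validate(const struct cert *c, const struct report *r, uint32_t nonce)
{
	return c->chip_id == r->chip_id && r->nonce == nonce &&
	       r->sig == toy_sign(c->key, r->chip_id, nonce);
}

/* Certificates first, report second; the guest may move to dst in between. */
static bool split_fetch(const struct host *src, const struct host *dst,
			bool migrated, uint32_t nonce)
{
	struct cert c = get_certs(src);
	struct report r = get_report(migrated ? dst : src, nonce);
	return validate(&c, &r, nonce);
}

/* Both answers come from one request served by a single host. */
static bool atomic_fetch(const struct host *cur, uint32_t nonce)
{
	return split_fetch(cur, cur, false, nonce);
}

int main(void)
{
	struct host a = { 1, 0xA5A5u }, b = { 2, 0x5A5Au };   /* constructed hosts */
	printf("split=%d split+migrate=%d atomic=%d\n", split_fetch(&a, &b, false, 7),
	       split_fetch(&a, &b, true, 7), atomic_fetch(&b, 7));
	return 0;
}
```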