From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 670D3CDB47E for ; Wed, 18 Oct 2023 21:43:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E0CE98004F; Wed, 18 Oct 2023 17:43:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DBC2C8D0016; Wed, 18 Oct 2023 17:43:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C850B8004F; Wed, 18 Oct 2023 17:43:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id BA8688D0016 for ; Wed, 18 Oct 2023 17:43:38 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 8D77A805BF for ; Wed, 18 Oct 2023 21:43:38 +0000 (UTC) X-FDA: 81359909316.06.B1C91EA Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) by imf02.hostedemail.com (Postfix) with ESMTP id CFA8C80007 for ; Wed, 18 Oct 2023 21:43:36 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=fCQT6eQM; spf=pass (imf02.hostedemail.com: domain of 3h1EwZQYKCBwK62FB48GG8D6.4GEDAFMP-EECN24C.GJ8@flex--seanjc.bounces.google.com designates 209.85.210.202 as permitted sender) smtp.mailfrom=3h1EwZQYKCBwK62FB48GG8D6.4GEDAFMP-EECN24C.GJ8@flex--seanjc.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697665416; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yHOjPmOC7r0r+5ar9NobWThJ75pkt4P9q/gadRDvKdc=; b=Z8faaavz6wD8UNZ0ic8cvl/n8lTydn2l5lU63koVG0XiZv//0xdUuQLYGcWbxmHDLxRjcY XuLuF8VDrzZ0SKzRViBlUZT7g7EGhOtnnoFnhmzxxTJHQtJTKIEkD687cQeFt/y0+qiYR4 r1PzV9IXR8KyNKhlN8Yuql2rGK+Tlgc= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=fCQT6eQM; spf=pass (imf02.hostedemail.com: domain of 3h1EwZQYKCBwK62FB48GG8D6.4GEDAFMP-EECN24C.GJ8@flex--seanjc.bounces.google.com designates 209.85.210.202 as permitted sender) smtp.mailfrom=3h1EwZQYKCBwK62FB48GG8D6.4GEDAFMP-EECN24C.GJ8@flex--seanjc.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697665416; a=rsa-sha256; cv=none; b=iHZxmbXB5k7pMdu5/GVhmuYYCOSesUblh3zLtmss51/2VrOP/Oe+MUZumLwslfa2mLy2vg S7rgrp+uo3lIMPvKm3+CM9z+xW69kb3l2jMdG2CetCNNtQZHu7TJTqP/npKHbqwq2T0y6O 1Q77D2oJzhm1bo4vQ/pmXPGyBqz8TJk= Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-6b496e1e53bso4924347b3a.0 for ; Wed, 18 Oct 2023 14:43:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1697665415; x=1698270215; darn=kvack.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=yHOjPmOC7r0r+5ar9NobWThJ75pkt4P9q/gadRDvKdc=; b=fCQT6eQMQntSNMCdfgQWP2NVMLpEHgrMLWROFWiiw/Boc4OuLnwSuMXCr2QMJlHSJg IUM5Nkc6PzVpAB7HF4/oX0cgOgVOt/hO1OAo4Jg0QiluUsVs5ah9g840j9Ac3fMWvOtv UkMiuYXo4plp9aEXKfJr38se65SzDBoUMYcCIy/d7VRP6EuGev29cKtCWoOy0TxKhDSI eFgsed/DgZHn5G//lgww57URNgLqORIyRJGDH8wGGQTUxDK/ZZEguZ3aVp80wFvXJZIt B6Sv83hNi3AZ2r8KF3IzV5J8gUjQsY4J/Jg9OZmpGb92GyKIJQe68A4RtR1aWMIG6uQh fnbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697665415; x=1698270215; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=yHOjPmOC7r0r+5ar9NobWThJ75pkt4P9q/gadRDvKdc=; b=JmO4/vZ6krOB3LDvR8aWNtfVk1GJUCtF/ZT28toKm9zH/KIZQpnVxC1grG6fUCUDkW w0JTd1d18x5XC1F4b9xkh9aHrcyMHzvSa7kkiBY3mEnIK9Sdlk5QsCSx1qk5d6kKYPbH hc+h++ZzpaGzO6oPfff0e1s6nfDGib5XJpBe3RJswmxXHpRP8qaqQdsnhj0jCi+Tob8X kLUVb2ZGc5A4xZoh+T4TdxhAos8AzK8HaS5Qck71fIKnCIApnUKPnvrgmcU/f9Zq7D7B h3msf+35ckJFAcn3Em6pVdVPIyqEQUnrUCgI3LGO/UlZ+Qd8iA0KiHowXYnULXGFkpJ8 48pQ== X-Gm-Message-State: AOJu0Yzplr3rPRkEAAdpY//MZibRX0XvnfPvQGbxd5Bb6VXXIEtpYKJo ey0yfHSLphDeqR911VbpsgAv89ZGn8w= X-Google-Smtp-Source: AGHT+IGUIkCQe1UK/QW99mdDBgVsiaYRLV507eIWp4Sq8wCBVUL0fhdbBBlk6yGAr+Sqlx1A3Hmy2I+nx8s= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:aa7:8f96:0:b0:68f:cb69:8e76 with SMTP id t22-20020aa78f96000000b0068fcb698e76mr7929pfs.2.1697665415538; Wed, 18 Oct 2023 14:43:35 -0700 (PDT) Date: Wed, 18 Oct 2023 14:43:33 -0700 In-Reply-To: <4f8bb755-e208-fd8c-f948-f7d64260f8a7@amd.com> Mime-Version: 1.0 References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-49-michael.roth@amd.com> <09556ee3-3d9c-0ecc-0b4a-3df2d6bb5255@amd.com> <4f8bb755-e208-fd8c-f948-f7d64260f8a7@amd.com> Message-ID: Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event From: Sean Christopherson To: Ashish Kalra Cc: Alexey Kardashevskiy , Dionna Amalie Glaze , Michael Roth , kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: CFA8C80007 X-Rspam-User: X-Stat-Signature: 4e7dzgx61pj5ht9h3jrfbuged9kzo1bi X-Rspamd-Server: rspam01 X-HE-Tag: 1697665416-878583 X-HE-Meta: U2FsdGVkX1+RmayUHaviU7SwGisfQiK6bgRBnZalSUgjwlLzcPtTdgmYSTIKU0kGrGfqKf+tHujAXsmMMGF6TWlD9NTRqy0Qnz39rO5UgeMbnCM34Hi2AAQ95fBeD/+Su5HbXiG9HOUcTteWQ93cBqTv5iTHYw7TQYo5XOkwWvAkzR8CzY6x85IQ4C026Z5PMJqnP+Tmw2nPXpXnbcST+IXBXpZkQ/4Ae5Kv4+vnaXIC7D/I3tT2BCYCMlPZF8x37MUQ3mB9hXoBs87WFFLGWXWfIK8EJbXFUdZYsEGfxVnBqwB1IitYZbuT46HFGSm0yq+hw7orr0gpepLci+FP/alpYEj9cJmF2OmGCx47IPBPYrkwe3aSBO4AyuvMPQW7GhNl1BInb+2+/5eDqoXw1XEYbIopK4dOHNgWGCi8bh+n0Ma3fxuRvqGkUFmwTQ3OwvR43hewK6kRvbF7pst66IVEYlZ8mq03WPKF8kJ6X9V7zYDPp0FmCnpniV9kS/Bl2MVQkQOilhe0GZwO+RSC+vZ+8mVwGuFnSomalsJCELmty5XWVBU6He+nig6C6gK6ZTh8VV3/XfZVeNvjNf4HdqEBdgH617iFsuWJIssuX6j4sA6/v/Iyt72tnjQtz/TqKoysOYLA4SeX1zplbPk5y6GHJlInCZGI8rzFGQHrbRrH2aEA3F97XG9TlmxlSsRyBaRlPQEp2GYsiKttDuhctimln2YsqNoDWUCVtfzOGE/F/+MaswC23QJkRyhrlnll5+gOwctgtKbnMvK9TBrlcaUtNxnL0ofilccrJPtGZEXQhJ0yuA3nRm8lBupyJM2eyO+94bC7Jx3a6/iQcI0by7v3rM4S5L0S/tZhlI3FAwUbRPeDJgOxcY9fQWjN3sJmm7vlmOqq5mcOoADxo/ViNIJx/ns1F7CYTadXgNamQzjmJC7CnF7au58HsSbZMeYH6IjirZvnf83IuijuwTB lmQFjxtv zJdFev1CXkVUvzn9N29r10J8nuaPSzmwK6xrZ5mKQ1m3o/KzEIVqgZbNyrBGGbIoLutc0GsRwRhcD11m7dz3jAxywdoW4/1a9WeO1pN7Rb1ulpwEe526pwesJrJ5p5t3I+R8ORkrh/AoHipe4SwHmjKV7vgDcH+V73asTg86C+Iav++3IA4aEqifhoRbUa9jUT1cd88bfqjOjw/OpM1T2imJ3grr/g8tGPlwwJdBaNmGjos76Fe3wumJiojgoOGOX+yhzrnDuagzSahf7u07HT1rOhk/53xvKCuN3Kd1hKHNiJUAmX5DpyF62ka/tLqnZz2d2Lw87/a6HxS5MuIUs88TbBSEv5sdwRbtCur6MQNDbWQVybOLhm7YgPKZnMdHwzZbiXteFICmmrCy8K0fNxnn1iw4VOp2RG00hjbTuooY6UfOHy1SMzy3xtZkZ692EetEq0CDJu9enH7so5RCZXL/Hnx1LKCKyNj2EOiSxy0d0X/NDdvwWmHfDX7LXJD1yIfgKTi5+X1GgXmC2j1+3mtRpG6+gwHe02pBev7viOPmePp1H42cReG0VF0S57959v3ayjdRCjWuICoW+yFXMYFQqFiwD5G7G/vcaww8CD8doheSyOAIFPIrVT7RPg8z6A4vs X-Bogosity: Ham, tests=bogofilter, spamicity=0.001986, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Oct 18, 2023, Ashish Kalra wrote: >=20 > On 10/18/2023 3:38 PM, Sean Christopherson wrote: > > On Wed, Oct 18, 2023, Ashish Kalra wrote: > > > > static int snp_handle_ext_guest_request(struct vcpu_svm *svm) > > > > { > > > > struct kvm_vcpu *vcpu =3D &svm->vcpu; > > > > struct kvm *kvm =3D vcpu->kvm; > > > > struct kvm_sev_info *sev; > > > > unsigned long exitcode; > > > > u64 data_gpa; > > > >=20 > > > > if (!sev_snp_guest(vcpu->kvm)) { > > > > ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SEV_RET_INVALID_GUEST); > > > > return 1; > > > > } > > > >=20 > > > > data_gpa =3D vcpu->arch.regs[VCPU_REGS_RAX]; > > > > if (!IS_ALIGNED(data_gpa, PAGE_SIZE)) { > > > > ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SEV_RET_INVALID_ADDRESS= ); > > > > return 1; > > > > } > > > >=20 Doh, I forget to set vcpu->run->exit_reason =3D KVM_EXIT_HYPERCALL; > > > > vcpu->run->hypercall.nr =3D KVM_HC_SNP_GET_CERTS; > > > > vcpu->run->hypercall.args[0] =3D data_gpa; > > > > vcpu->run->hypercall.args[1] =3D vcpu->arch.regs[VCPU_REGS_RBX]; > > > > vcpu->run->hypercall.flags =3D KVM_EXIT_HYPERCALL_LONG_MODE; > > > > vcpu->arch.complete_userspace_io =3D snp_complete_ext_guest_reques= t; > > > > return 0; > > > > } > > > >=20 > > >=20 > > > IIRC, the important consideration here is to ensure that getting the > > > attestation report and retrieving the certificates appears atomic to = the > > > guest. When SNP live migration is supported we don't want a case wher= e the > > > guest could have migrated between the call to obtain the certificates= and > > > obtaining the attestation report, which can potentially cause failure= of > > > validation of the attestation report. > >=20 > > Where does "obtaining the attestation report" happen? I see the guest = request > > and the certificate stuff, I don't see anything about attestation repor= ts (though > > I'm not looking very closely). > >=20 >=20 > The guest requests that the firmware construct an attestation report via = the > SNP_GUEST_REQUEST command. The certificates are piggy-backed to the guest > along with the attestation report (retrieved from the FW via the > SNP_GUEST_REQUEST command) as part of the SNP Extended Guest Request NAE > handling. Ah, thanks! In that case, my proposal should more or less Just Work=E2=84=A2, we simply= need to define KVM's ABI to be that userspace is responsible for doing KVM_RUN with vcpu->run->immediate_exit set before migrating if the previous exit was KVM_EXIT_HYPERCALL with KVM_HC_SNP_GET_CERTS. This is standard operating p= rocedure for userspace exits where KVM needs to "complete" the VM-Exit, e.g. for MMI= O, I/O, etc. that are punted to userspace.