Date: Fri, 20 Oct 2023 00:13:50 +0000
In-Reply-To: <2034624b-579f-482e-8a7a-0dfc91740d7e@amd.com>
References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-49-michael.roth@amd.com> <924b755a-977a-4476-9525-a7626d728e18@amd.com> <2034624b-579f-482e-8a7a-0dfc91740d7e@amd.com>
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
From: Sean Christopherson
To: Alexey Kardashevskiy
Cc: Dionna Amalie Glaze, Michael Roth, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh

On Fri, Oct 20, 2023, Alexey Kardashevskiy wrote:
>
> On 20/10/23 01:57, Sean Christopherson wrote:
> > On Thu, Oct 19, 2023, Alexey Kardashevskiy wrote:
> > > > vcpu->arch.complete_userspace_io = snp_complete_ext_guest_request;
> > > > return 0;
> > > > }
> > >
> > > This should work for the KVM-stored certs nicely but not for the global certs.
> > > Although I am not at all convinced that global certs are all that valuable, I
> > > do not know the history of that; it happened before I joined, so I'll let others
> > > comment on that. Thanks,
> >
> > Aren't the global certs provided by userspace too though? If all certs are
> > ultimately controlled by userspace, I don't see any reason to make the kernel a
> > middle-man.
>
> The max blob size is 32KB or so and for 200 VMs it is:

Not according to include/linux/psp-sev.h:

#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */

Ugh, and I see in another patch:

  Also increase the SEV_FW_BLOB_MAX_SIZE another 4K page to allow space for
  an extra certificate.

-#define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */
+#define SEV_FW_BLOB_MAX_SIZE 0x5000 /* 20KB */

That's gross and just asking for ABI problems, because then there's this:

+::
+
+ struct kvm_sev_snp_set_certs {
+ __u64 certs_uaddr;
+ __u64 certs_len
+ };
+
+The certs_len field may not exceed SEV_FW_BLOB_MAX_SIZE.

> - 6.5MB, all in the userspace so swappable vs
> - 32KB but in the kernel so not swappable.
> Sure, a box capable of running 200 VMs must have plenty of RAM but still :)

That's making quite a few assumptions.

 1) That the global cert will be 32KiB (which clearly isn't the case today).
 2) That every VM will want the global cert.
 3) That userspace can't figure out a way to share the global cert.

Even in that absolutely worst case scenario, I am not remotely convinced that it
justifies taking on the necessary complexity to manage certs in-kernel.

> Plus, GHCB now has to go via the userspace before talking to the PSP, which
> was not the case so far (though I cannot think of an immediate implication
> right now).

Any argument along the lines of "because that's how we've always done it" is going
to fall on deaf ears. If there's a real performance bottleneck with kicking out
to userspace, then I'll happily work to figure out a solution. If.
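Review bot: in the quoted `struct kvm_sev_snp_set_certs` hunk the member `+ __u64 certs_len` has no trailing semicolon, so the documented struct as written would not compile; it should read `__u64 certs_len;`. The same hunk states the limit as SEV_FW_BLOB_MAX_SIZE, a kernel-internal constant that the companion hunk bumps from 0x4000 to 0x5000, so the limit userspace is told to respect silently changes whenever that define does; documenting a concrete value, or exposing the limit through the UAPI header or a capability query instead of the internal define, would avoid the ABI drift the reply points out.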