Date: Fri, 10 Nov 2023 14:47:54 -0800
From: Sean Christopherson
To: Michael Roth
Cc: Alexey Kardashevskiy, Dionna Amalie Glaze, kvm@vger.kernel.org,
 linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org,
 x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de,
 mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com,
 ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
 luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com,
 peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
 sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com,
 jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com,
 pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com,
 Brijesh Singh
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
In-Reply-To: <20231110220756.7hhiy36jc6jiu7nm@amd.com>
References: <20231016132819.1002933-1-michael.roth@amd.com>
 <20231016132819.1002933-49-michael.roth@amd.com>
 <20231110220756.7hhiy36jc6jiu7nm@amd.com>

On Fri, Nov 10, 2023, Michael Roth wrote:
> On Wed, Oct 18, 2023 at 06:48:59AM -0700, Sean Christopherson wrote:
> > On Wed, Oct 18, 2023, Alexey Kardashevskiy wrote:
> > Anyways, back to punting to userspace. Here's a rough sketch. The only new uAPI
> > is the definition of KVM_HC_SNP_GET_CERTS and its arguments.
>
> This sketch seems like a good, flexible way to handle per-VM certs, but
> it does complicate things from a userspace perspective. As a basic
> requirement, all userspaces will need to provide a way to specify the
> initial blob (either a very verbose base64-encoded userspace cmdline param,
> or a filepath that needs additional management to store and handle
> permissions/etc.), and also a means to update it (e.g. a HMP/QMP command
> for QEMU, some libvirt wrappers, etc.).
>
> That's all well and good if you want to make use of per-VM certs, but we
> don't necessarily expect that most deployments will necessarily want to deal
> with per-VM certs, and would be happy with a system-wide one where they could
> simply issue the /dev/sev ioctl to inject one automatically for all guests.
>
> So we're sort of complicating the more common case to support a more niche
> one (as far as userspace is concerned anyway; as far as kernel goes, your
> approach is certainly simplest :)).
>
> Instead, maybe a compromise is warranted so the requirements on userspace
> side are less complicated for a more basic deployment:
>
> 1) If /dev/sev is used to set a global certificate, then that will be
>    used unconditionally by KVM, protected by simple dumb mutex during
>    usage/update.
> 2) If /dev/sev is not used to set the global certificate is the value
>    is NULL, we assume userspace wants full responsibility for managing
>    certificates and exit to userspace to request the certs in the manner
>    you suggested.
>
> Sean, Dionna, would this cover your concerns and address the certificate
> update use-case?

Honestly, no. I see zero reason for the kernel to be involved. IIUC, there are no
privileged operations that require kernel intervention, which means that shoving
a global cert into /dev/sev is using the CCP driver as middleman. Just use a
userspace daemon. I have a very hard time believing that passing around large-ish
blobs of data in userspace isn't already a solved problem.