Date: Wed, 24 Apr 2024 17:15:40 -0700
In-Reply-To: <20240421180122.1650812-22-michael.roth@amd.com>
References: <20240421180122.1650812-1-michael.roth@amd.com> <20240421180122.1650812-22-michael.roth@amd.com>
Subject: Re: [PATCH v14 21/22] crypto: ccp: Add the SNP_{PAUSE,RESUME}_ATTESTATION commands
From: Sean Christopherson
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org,
	linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
	tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de,
	thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org,
	pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
	luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com,
	pgonda@google.com, peterz@infradead.org,
	srinivas.pandruvada@linux.intel.com, rientjes@google.com,
	dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
	kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com,
	jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com,
	pankaj.gupta@amd.com, liam.merwick@oracle.com
Content-Type: text/plain; charset="us-ascii"

On Sun, Apr 21, 2024, Michael Roth wrote:
> These commands can be used to pause servicing of guest attestation
> requests. This is useful when updating the reported TCB or signing key with
> commands such as SNP_SET_CONFIG/SNP_COMMIT/SNP_VLEK_LOAD, since they may
> in turn require updates to userspace-supplied certificates, and if an
> attestation request happens to be in-flight at the time those updates
> are occurring there is potential for a guest to receive a certificate
> blob that is out of sync with the effective signing key for the
> attestation report.
>
> These interfaces also provide some versatility with how similar
> firmware/certificate update activities can be handled in the future.

Wait, IIUC, this is using the kernel to get two userspace components to not stomp over each other. Why is this the kernel's problem to solve?