Date: Fri, 26 Apr 2024 17:10:10 -0700
In-Reply-To: <20240426214633.myecxgh6ci3qshmi@amd.com>
References: <20240421180122.1650812-1-michael.roth@amd.com>
 <20240421180122.1650812-22-michael.roth@amd.com>
 <20240426173515.6pio42iqvjj2aeac@amd.com>
 <20240426214633.myecxgh6ci3qshmi@amd.com>
Subject: Re: [PATCH v14 21/22] crypto: ccp: Add the SNP_{PAUSE,RESUME}_ATTESTATION commands
From: Sean Christopherson
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org,
 linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com,
 hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com,
 jmattson@google.com, luto@kernel.org,
 dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com,
 peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
 sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com,
 jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com,
 pankaj.gupta@amd.com, liam.merwick@oracle.com, Larry.Dewey@amd.com

On Fri, Apr 26, 2024, Michael Roth wrote:
> On Fri, Apr 26, 2024 at 12:57:08PM -0700, Sean Christopherson wrote:
> > On Fri, Apr 26, 2024, Michael Roth wrote:
> > What is "management"?  I assume it's some userspace daemon?
>
> It could be a daemon depending on cloud provider, but the main example
> we have in mind is something more basic like virtee[1] being used to
> interactively perform an update at the command-line. E.g. you point it
> at the new VLEK, the new cert, and it will handle updating the certs at
> some known location and issuing the SNP_LOAD_VLEK command. With this
  ^^^^^^^^^^^^^^^^^^^
> interface, it can take the additional step of PAUSE'ing attestations
> before performing either update to keep the 2 actions in sync with the
> guest view.

...

> > without having to bounce through the kernel.  It doesn't even require a push
> > model, e.g. wrap/redirect the certs with a file that has a "pause" flag and a
> > sequence counter.
>
> We could do something like flag the certificate file itself, it does
> sound less painful than the above. But what defines that spec?

Whoever defines "some known location".  And it doesn't need to be a file wrapper,
e.g. put the cert in a directory along with a lock.  Actually, IIUC, there doesn't
even need to be a separate lock file.  I know very little about userspace programming,
but common sense and a quick search tell me that file locks are a solved problem.

E.g. it took me ~5 minutes of Googling to come up with this, which AFAICT does
exactly what you want.

# Updater: hold an exclusive lock on the cert while it is being changed.
touch ~/vlek.cert
(
  flock -e 200
  echo "Locked the cert, sleeping for 10 seconds"
  sleep 10
  echo "Igor, it's alive!!!!!!"
) 200< ~/vlek.cert

# Reader: a shared lock is granted only once no exclusive lock is held.
touch ~/vlek.cert
(
  flock -s 201
  echo "Got me a shared lock, no updates for you!"
) 201< ~/vlek.cert
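
The flock pattern from the message above, extended into an updater/reader pair, as an added example that is not part of the original message. The `update_cert` and `read_cert` names, the temporary cert path, the cert contents and exit status 75 are constructed, and the command passed to `update_cert` stands in for whatever issues SNP_LOAD_VLEK.

```shell
#!/bin/sh
# Added example, not from the thread. Path, contents and names are constructed.
CERT=$(mktemp)   # stand-in for the "known location" of the cert blob

# Updater (management tool): hold the exclusive lock across BOTH the cert
# rewrite and the follow-up command, so readers never observe one without
# the other.
# $1 = new cert contents; remaining args = command to run under the lock
# (stand-in for issuing SNP_LOAD_VLEK).
update_cert() {
  new=$1; shift
  (
    flock -e 9 || exit 1
    # Rewrite in place. flock(2) locks follow the inode, so replacing the
    # file with rename() would hand readers an unlocked new inode; that
    # style of update needs a separate lock file instead.
    printf '%s\n' "$new" > "$CERT"
    "$@"
  ) 9<"$CERT"
}

# Reader (VMM fetching certs for an attestation request): print the cert
# under a shared lock, or return 75 without blocking while an update holds
# the exclusive lock. The caller decides whether to retry or report busy.
read_cert() {
  (
    flock -s -n 8 || exit 75
    cat <&8
  ) 8<"$CERT"
}

# Demo: a read attempted from inside the update window is refused, and a
# read after the update sees the new contents.
printf 'constructed-cert-v1\n' > "$CERT"
update_cert 'constructed-cert-v2' read_cert ||
  echo "reader refused during update (rc=$?)"
read_cert
```

These are advisory locks: they only order processes that take the lock, so every reader and writer of the cert has to go through the same protocol.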