Date: Wed, 22 Feb 2023 10:50:12 -0600
Subject: Re: [PATCH RFC v8 27/56] crypto: ccp: Add the SNP_{SET,GET}_EXT_CONFIG command
To: Zhi Wang , Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org,
 linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, hpa@zytor.com,
 ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com,
 jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com,
 slp@redhat.com, pgonda@google.com, peterz@infradead.org,
 srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
 marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com,
 alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org,
 ashish.kalra@amd.com, nikunj.dadhania@amd.com, Brijesh Singh
References: <20230220183847.59159-1-michael.roth@amd.com> <20230220183847.59159-28-michael.roth@amd.com> <20230222143205.00007635@gmail.com>
From: Tom Lendacky
In-Reply-To: <20230222143205.00007635@gmail.com>

On 2/22/23 06:32, Zhi Wang wrote:
> On Mon, 20 Feb 2023 12:38:18 -0600
> Michael Roth wrote:
> >> From: Brijesh Singh >> >> The SEV-SNP firmware provides the SNP_CONFIG command used to set the >> system-wide configuration value for SNP guests. The information includes >> the TCB version string to be reported in guest attestation reports. >> >> Version 2 of the GHCB specification adds an NAE (SNP extended guest >> request) that a guest can use to query the reports that include additional >> certificates. >> >> In both cases, userspace provided additional data is included in the >> attestation reports. The userspace will use the SNP_SET_EXT_CONFIG >> command to give the certificate blob and the reported TCB version string >> at once. Note that the specification defines certificate blob with a >> specific GUID format; the userspace is responsible for building the >> proper certificate blob. The ioctl treats it an opaque blob. >> >> While it is not defined in the spec, but let's add SNP_GET_EXT_CONFIG >> command that can be used to obtain the data programmed through the >> SNP_SET_EXT_CONFIG. >> >> Signed-off-by: Brijesh Singh >> Signed-off-by: Ashish Kalra >> Signed-off-by: Michael Roth >> --- >> Documentation/virt/coco/sev-guest.rst | 27 ++++++ >> drivers/crypto/ccp/sev-dev.c | 123 ++++++++++++++++++++++++++ >> drivers/crypto/ccp/sev-dev.h | 4 + >> include/uapi/linux/psp-sev.h | 17 ++++ >> 4 files changed, 171 insertions(+) >> >> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c >> index 65e13a562f3b..b56b00ca2cd4 100644 >> --- a/drivers/crypto/ccp/sev-dev.c >> +++ b/drivers/crypto/ccp/sev-dev.c >> @@ -1481,6 +1481,10 @@ static int __sev_snp_shutdown_locked(int *error) >> data.length = sizeof(data); >> data.iommu_snp_shutdown = 1; >> >> + /* Free the memory used for caching the certificate data */ >> + kfree(sev->snp_certs_data); >> + sev->snp_certs_data = NULL; >> + >> wbinvd_on_all_cpus(); >> >> retry: 
>> @@ -1793,6 +1797,118 @@ static int sev_ioctl_snp_platform_status(struct sev_issue_cmd *argp) >> return ret; >> } >> >> +static int sev_ioctl_snp_get_config(struct sev_issue_cmd *argp) >> +{ >> + struct sev_device *sev = psp_master->sev_data; >> + struct sev_user_data_ext_snp_config input; >> + int ret; >> + >> + if (!sev->snp_initialized || !argp->data) >> + return -EINVAL; >> + >> + memset(&input, 0, sizeof(input)); >> + >> + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) >> + return -EFAULT; >> + >> + /* Copy the TCB version programmed through the SET_CONFIG to userspace */ >> + if (input.config_address) { >> + if (copy_to_user((void * __user)input.config_address, >> + &sev->snp_config, sizeof(struct sev_user_data_snp_config))) >> + return -EFAULT; >> + } >> + >> + /* Copy the extended certs programmed through the SNP_SET_CONFIG */ >> + if (input.certs_address && sev->snp_certs_data) { >> + if (input.certs_len < sev->snp_certs_len) { >> + /* Return the certs length to userspace */ >> + input.certs_len = sev->snp_certs_len; >> + >> + ret = -ENOSR;

We should be consistent with the other SEV ioctls that return required lengths and return -EIO here instead of -ENOSR.

Thanks,
Tom

>> + goto e_done; >> + } >> + > > What about if input.certs_len > sev->snp_certs_len? Is it possible for the > userspace to know the length of data in the buffer? (I guess it might be able > to know the certs len through the blob data, but a comment here would be nice) > >> + if (copy_to_user((void * __user)input.certs_address, >> + sev->snp_certs_data, sev->snp_certs_len)) >> + return -EFAULT; >> + } >> + >> + ret = 0; >> + >> +e_done: >> + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) >> + ret = -EFAULT; >> + >> + return ret; >> +}
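
Review bot: in the __sev_snp_shutdown_locked() hunk, sev->snp_certs_data is freed and set to NULL but sev->snp_certs_len keeps its old value, and the kfree() sits ahead of wbinvd_on_all_cpus() and the retry: label, so the cache is dropped before the result of the shutdown is known. Suggest clearing snp_certs_len together with the pointer and doing the free only once shutdown has succeeded, so a failed shutdown does not leave a still-initialized platform without its cached certificate data.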
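
Review bot: in sev_ioctl_snp_get_config(), input.certs_len is written back only on the too-small-buffer path; when the caller's buffer is larger than sev->snp_certs_len, or when certs_address is set but sev->snp_certs_data is NULL, the function returns 0 with certs_len unchanged, so userspace cannot tell how many bytes were copied. Suggest setting input.certs_len to sev->snp_certs_len (0 when nothing is cached) before the final copy_to_user() at e_done. Two smaller points in the same hunk: the casts written as (void * __user) should read (void __user *), matching the argp->data casts, and the comments refer to SET_CONFIG and SNP_SET_CONFIG where the commit message names the command SNP_SET_EXT_CONFIG.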