Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1566402pxb; Tue, 8 Feb 2022 22:32:16 -0800 (PST) X-Google-Smtp-Source: ABdhPJwBfGVxecJ1BbjJThqxLN+nDF6pYu3Zf6bYB/K8Ox0vKWLw5vRzrG+yhCkF3ZX4b3nMPxvI X-Received: by 2002:a17:90a:e7d1:: with SMTP id kb17mr944279pjb.1.1644388335919; Tue, 08 Feb 2022 22:32:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644388335; cv=none; d=google.com; s=arc-20160816; b=tS57OZ9sggjvMdTBp9aJc2aFl7aX7Qq2zL7OHIfUlntIRxQqzBm142a6v+vDCADSzS Hf08xqBNOuUPvy1830X0zfTcetPKAIOkdgtTgrj9wxoSMHbg5m6uVtuPd1cmOgC9TnkG p4AB+XRggh9e+LU5f0u4Bl3+Gr1Lk8w2/Hm52N+6kzkKmn0NT+3jKRqV3HMPNA1G2z9H xq0jZyIUsTrXEGdu2P6+NYuqoqKZ5jZ1wXD7fyPb23PRVJexFYZ9ZRRgk6RP1zAnB/wk aQRu9MUtxH98EbvZY7KVMAzZETl8ZnYorA4+hl8Mve7BUVtLrplknzOb57sPK7IiL3f4 zraw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=9kw2JUuU4tOJy7Y1YqOoL272nzWKEY2AY+xtiIohMEI=; b=LiY9+AOvlCEWb/f970ZhKGOY9Ys4uBiJ0njl7c63HPQ1p7Dp0M/Ecx7ICpKoOHkkqP OCmzlrLMEVY4BFJbED7QibTQROB0CgqNgR7twSk6+EX5KGK6VQPmCPrY3gzLyrm3QcUX 08FRpH8uF9bgLdLHKilNZ6ZuL/+NoM4BWsJa99gupNu795voQrVsxak4EVrH/7BDHCFg Aw8MMLB3GiisRF3cA+uoUaMNI0c0YbqwrVoZE++o9qt6Nipd0K3gO6z0PrMm9NMYuWSY TWVYsnOeOFR7Y1PEU7x/eD9Wwvfp+8HrlWiRl1jYeKHTLejbTNtePJp9w9A/tHJXxWng HHQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Z1hjKr7Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id z9si11769269ple.488.2022.02.08.22.32.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Feb 2022 22:32:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Z1hjKr7Z; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A3440E00E161; Tue, 8 Feb 2022 22:10:46 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243944AbiBGPaI (ORCPT + 99 others); Mon, 7 Feb 2022 10:30:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43904 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240408AbiBGPWj (ORCPT ); Mon, 7 Feb 2022 10:22:39 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15ADEC0401C8; Mon, 7 Feb 2022 07:22:35 -0800 (PST) Received: from zn.tnic (dslb-088-067-221-104.088.067.pools.vodafone-ip.de [88.67.221.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id C41E81EC0295; Mon, 7 Feb 2022 16:22:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1644247349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=9kw2JUuU4tOJy7Y1YqOoL272nzWKEY2AY+xtiIohMEI=; b=Z1hjKr7ZsdoSLPXWGCo9U0lVd0+sc+AZB3agyDxd+AJOlxIF2dL7NSX6pyRpok68cKRHwO B2rQcdhqtLso+qJmn0PKiL3rW65d++y+9w83Aq7drNfxUiS92t/BWB1y0F1Qxjh30SkmUz UE52d9BAbutNd15WBJMFn32ugNvJzVw= Date: Mon, 7 Feb 2022 16:22:24 +0100 From: Borislav Petkov To: Brijesh Singh Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , brijesh.ksingh@gmail.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH v9 41/43] virt: Add SEV-SNP guest driver Message-ID: References: <20220128171804.569796-1-brijesh.singh@amd.com> <20220128171804.569796-42-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 07, 2022 at 08:41:47AM -0600, Brijesh Singh wrote: > Randy asked me similar question on v7, and here is my response to it. > > https://lore.kernel.org/linux-mm/e6b412e4-f38e-d212-f52a-e7bdc9a26eff@infradead.org/ > > Let me know if you still think that we should make it 'n'. I am not dead > against it but I have feeling that once distro's starts building SNP aware > guest kernel, then we may get asked to enable it by default so that > attestation report can be obtained by the initial ramdisk. Well, let's see: $ make oldconfig ... # # No change to .config # $ So it didn't even ask me. Because # CONFIG_VIRT_DRIVERS is not set so what's the point of this "default y"? If the distros are your worry, then you probably will have to ask them to do so explicitly anyway because at least we edit our configs ourselves and decide what to enable or what not. > After this condition is met, a guest will no longer get the attestation > report. It's up to the userspace to reboot the guest or continue without > attestation. > > The only thing that will reset the counter is re-launching the guest to go > through the entire PSP initialization sequence once again. Well, but you need to explain that somewhere to the guest owners. I guess either here in that error message or in some higher-level glue which will do the attestation. Just saying that some counter has overflown is not very user-friendly, I'd say. > Yep, it need to protect more stuff. > > We allocate a shared buffers (request, response, cert-chain) that gets > populated before issuing the command, and then we copy the result from > reponse shared to callers buffer after the command completes. So, we also > want to ensure that the shared buffer is not touched before the previous > ioctl is finished. So you need to rename that mutex and slap a comment above it what it protects. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette