Received: by 2002:a05:6602:18e:0:0:0:0 with SMTP id m14csp1716477ioo; Mon, 23 May 2022 01:19:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwF0+P1FmyGRbQ8bXNgMxCMR4sbhQBHo3YOtnxXSnvzU4D/N2TZjEIv5bdJhLxTLu4Dv7/s X-Received: by 2002:a17:90b:48d1:b0:1df:4fc8:c2d7 with SMTP id li17-20020a17090b48d100b001df4fc8c2d7mr24832447pjb.45.1653293949372; Mon, 23 May 2022 01:19:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653293949; cv=none; d=google.com; s=arc-20160816; b=voHIWEeYofnJYzLBF8maL1cs7dS8IufIe09AcF0/RO/kzXbfM/zC9skqNl/qQJ1sT8 6yquY7tEN4SoTkL1JgtLEugGDY5xX5vc83TPKYKVTXAI2yAe+4LmTU7KlYntjtLOo2tH MR/aXXgXPkQ09nVf6bMxDhK2LiLr+YPwALvC7k4fS8dLy9Z40JcSpB1A0m04v9QxY6Ob 4iY6PX41QwdVbyEoXf22Upxd5564kqZJ6nwLMjO5yNtqHzJ+1vH1tPhipUUkygVl4zGV 1Lo1CcYBDNVfxOtdhqaJoupJOuH4rHgChsItHk5IK/ao46XUaeMN6W4nMlXWm8H+k0AJ MqkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=EYQ2Yjkksgzn8p4qc+3cDvblZevYFp3ATK7oq8s22lY=; b=qaa6LefHtB2BbxWnHcK3Oq/NVdgpi/mYQi6eDnnrfAQCkQ7N2zElgGOVNOk2V5+nWg ZaXWTf1fHwPlzo3MozDBZ7rfvHAqGA6k9bi0kETEl1hDPq9MYYTV2wDpJizkyEyZdEIA tgiw3n7zXF0CRVJVbQsfnNNpxxcZ0BNGOR/Ntv8u60IY3kGbffpGLR4X2tTZZ7RkPu/6 u08Gqs19wOBVh23lnq2LpJCh45XXesVmufC3B3smiQOQfesj6GbtAFV/f/1AFTeCpOBG fZlsSXSuQLor80WbB5FHolNc6ssXeCMvlApuIkKuSto2FoSsVDNNxUDP1qNDCo+ZwPsc IcYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GPaWgFyG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id nn5-20020a17090b38c500b001ded57320absi12540590pjb.24.2022.05.23.01.19.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 May 2022 01:19:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GPaWgFyG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 612E6BC8C; Mon, 23 May 2022 00:22:48 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353243AbiEWCxD (ORCPT + 99 others); Sun, 22 May 2022 22:53:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240967AbiEWCxB (ORCPT ); Sun, 22 May 2022 22:53:01 -0400 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9414137A3E for ; Sun, 22 May 2022 19:53:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653274380; x=1684810380; h=message-id:subject:from:to:cc:date:in-reply-to: references:mime-version:content-transfer-encoding; bh=F71fg+0c4rtIQ1B5kg3uKaHKYbi2n82vhHHmVyMFuq8=; b=GPaWgFyGa8HnDqThJI+DzzTWhoYcA4KpSObZN0R8oI4sn+bjByX87Wh5 uSNKjyORyuqm/6WHI0AZXp2lv6+OWIcqD1ZW5WeUKEu10rVvhlY63CCDv gCzZGgAIRaKLQ6dTsLdQrkALRXwvgiFUiq9u23it1vm9AaqNu/gzSSA2P 8nKvt/PMWX5JWai1GImBV7jMUN3W8GL73q+7eMxIeinlD7D7qPx4Pzxtm 269NnpqPt5CXw8hEOv2LLzzKrts1BkXqQNEjagxT8UnAFDJLYGWH7eWdy jL5tFsdczeONO4DLYMLE88dao5QkEJHAwt393fJ2eAWq5mmCVSBhTYmwU A==; X-IronPort-AV: E=McAfee;i="6400,9594,10355"; a="333726691" X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; d="scan'208";a="333726691" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 19:53:00 -0700 X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; d="scan'208";a="547687326" Received: from avkale-mobl1.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.2.202]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 19:52:56 -0700 Message-ID: Subject: Re: [PATCH v6 1/5] x86/tdx: Add TDX Guest attestation interface driver From: Kai Huang To: Sathyanarayanan Kuppuswamy , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Cc: "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , Wander Lairson Costa , Isaku Yamahata , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org Date: Mon, 23 May 2022 14:52:54 +1200 In-Reply-To: References: <20220512221952.3647598-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220512221952.3647598-2-sathyanarayanan.kuppuswamy@linux.intel.com> <1292fe3206bef08304dc1bfe3185a9e6cec690fd.camel@intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 (3.42.4-2.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2022-05-17 at 07:54 -0700, Sathyanarayanan Kuppuswamy wrote: > > > +struct tdx_report_req { > > > + union { > > > + __u8 reportdata[TDX_REPORTDATA_LEN]; > > > + __u8 tdreport[TDX_REPORT_LEN]; > > > + }; > > > +}; > > > > As a userspace ABI, one concern is this doesn't provide any space for future > > extension.  But probably it's OK since I don't see any possible additional > > input > > for now.  And although TDREPORT may have additional information in future > > generation of TDX but the spec says the size is 1024 so perhaps this won't > > change even in the future. > > > > Anyway will leave to others. > > IMO, if the spec changes in future we can revisit it. I don't think the problem is how to revisit _this_ ABI. The problem is, once it is introduced, you cannot break the ABI for the compatibility of supporting the userspace software written for old platforms. So basically you cannot just increase the TDX_REPORT_LEN to a larger value. This means if we have a larger than 1024B TDREPORT in future, the old userspace TD attestation software which uses this ABI will not work anymore on the new platforms. If we need to make sure this ABI work for _ANY_ TDX platforms, I think we either need to make sure TDREPORT will always be 1024B for _ANY_ TDX platforms, or we need to have a flexible ABI which doesn't assume TDREPORT size. For instance, we might need another IOCTL (or other interfaces such as /sysfs) to query the TDREPORT size, and make this IOCTL like below: struct tdx_report_req { __u8 reportdata[TDX_REPORTDATA_LEN]; __u8 reserved[...]; __u8 tdreport[0]; }; The actual TDREPORT buffer size is allocated by userspace after it queries the TDREPORT size. -- Thanks, -Kai