Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp867142imi; Thu, 21 Jul 2022 12:33:02 -0700 (PDT) X-Google-Smtp-Source: AGRyM1v5MpTnXBhsuJ75lk/+q2oIbOff+EvXrk2vc8NDR6HdDvH9KPX5er8iWQ/If0VEz1ZyhCbz X-Received: by 2002:a05:6870:581:b0:10c:903f:3fa9 with SMTP id m1-20020a056870058100b0010c903f3fa9mr6241979oap.77.1658431981659; Thu, 21 Jul 2022 12:33:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658431981; cv=none; d=google.com; s=arc-20160816; b=1IZn2sThkwnmBlZ1r25yEfPJ45r45xOT0rCgoS2vLAdHnNJSiUZsT0n8x9jWayTZq+ JLbdN101E5u0r+TXyRvpR+u1EcKG6WRTTyeeakS6gKCEkAKDUGv9D+5zyPeW8KlyusmI /3ZphK9SLM5injU8f4DxAQVKZ6/aPlVDJ6jhRYj5wYvkNeyuhTGvn8GRjUN1d4Y+DiRH U9VKQB5o3qPTxZZluGds8Q62YT9uH4CD2BYnBJLEngiqmQAOJ+zV46q3GHWpkem32yJ4 Bp77pmskjp8bIhRa/kGRqlmSRxueuocjawqd0he6og6cmlFF5c3hQCiwfq/+Ne9mg00e 6U2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=zqjiAJQ1gOrfpyQHl4UKxPxvJTP3BTYw7SpQlGg/P1s=; b=TBxyeGYOEWJ1FAW+bUQ3PmKdrgy3SoI/5h5xhJlx9rnGZIXUFdU82Tx+4j8r9jAJtr 5PrH5w6geQzhKc3x38KsxBGaBT+Nw/l0rUoA79wzRvrrjHFWCrdHu6c8rTu/d2tD6Acj Q0hkiALSlEgv2eFaIF4AcUMbPphp8y+DlnEn6lDBWDOJ+rwOEsCuqS+PnxNecUuXz2aO 1wcZd0C2yz0sto5SSHWG+ddF2a4EImGloV7CCgr5KHWJvbmiYJRI3HKQptQWuAB7W8oN skGKcYdPVwvY1eFVIf+Ap4ZpVMLfqpwAtRJ7vSzBgPNSXRTJgjoUFNQ6XAPO39YgLpf5 esrQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="ObHv58j/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j11-20020a54480b000000b0033a8f4c0462si2334375oij.89.2022.07.21.12.32.47; Thu, 21 Jul 2022 12:33:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="ObHv58j/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231651AbiGUTXG (ORCPT + 99 others); Thu, 21 Jul 2022 15:23:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229719AbiGUTXF (ORCPT ); Thu, 21 Jul 2022 15:23:05 -0400 Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DCD7288E11 for ; Thu, 21 Jul 2022 12:23:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1658431384; x=1689967384; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=u3Up2dozZlzzD/rPJelkCl8XNBwiL6BGYGzTfhZPNcw=; b=ObHv58j/XykZeTPUuZNXtOL8d4tbK2UO4nxiSpig8rx5lPufn+ZM5J9F osRqZGFgIa+YnASOyx0G0C+shOhxNHMZnkobSVKyjtIbeWT4Qu2YegOhN 7wl1xkQtIpz6lSF6+RNz9YKMFhGrSCfC6bEjLKe5CEjW+Vi09Ani+tUq1 VaHAdqQwfi5wYG/7I8+NWmnGfU4ZI+cB/5CxqtCbemD3ppKN/VgpvxJNL F3tSo683B3p/3FLoB8OxDEwRBFl1MtFgowC2OHPnhLWIeAgNbSMEBSXVx HIoWbX04JgVDbfGhDecpCeC5KoUk9ExaAFxHyWCbAvfbfipYJD1XZhWi9 Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10415"; a="348853956" X-IronPort-AV: E=Sophos;i="5.93,183,1654585200"; d="scan'208";a="348853956" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2022 12:23:04 -0700 X-IronPort-AV: E=Sophos;i="5.93,183,1654585200"; d="scan'208";a="573876760" Received: from vasantgx-mobl.amr.corp.intel.com (HELO [10.212.244.191]) ([10.212.244.191]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2022 12:23:03 -0700 Message-ID: <71f3326d-319b-c78a-345b-499001e766ff@intel.com> Date: Thu, 21 Jul 2022 12:23:03 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [PATCH v8 5/5] x86/tdx: Add Quote generation support Content-Language: en-US To: Sathyanarayanan Kuppuswamy , Isaku Yamahata Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , Kai Huang , Wander Lairson Costa , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org References: <20220609025220.2615197-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220609025220.2615197-6-sathyanarayanan.kuppuswamy@linux.intel.com> <214e24f0-5236-be8d-024a-da48737d854a@intel.com> <20220721184221.GA3288872@ls.amr.corp.intel.com> <1fdecc17-8f4f-fceb-8da0-4a21ca0d58be@intel.com> From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/21/22 11:57, Sathyanarayanan Kuppuswamy wrote: >> How does the VMM know how much to read/write? I have a theory: the spec >> says that R12 is: >> >> "Shared 4KB GPA as input – the memory contains a >> TDREPORT_STRUCT." >> >> That's *A* 4KB GPA. The maximum is one 4KB page. That's the only thing >> that makes sense because there's no length in the ABI anywhere. >> >> What am I missing? > I think you are looking into the old spec. Please check the version > "FEBRUARY 2022" > > Following are the ABI details: > > R11 - TDG.VP.VMCALL< GetQuote > sub-function per Table 2-3 > R12 - Shared GPA as input – the memory contains a TDREPORT_STRUCT. The > same buffer is used as output – the memory contains a TD Quote. > R13 - Size of shared GPA. The size must be 4KB-aligned. Yeah, silly me. I assumed the ABI was stable and wouldn't be, you know, adding and removing parameters. I still don't know how this all works. You just said: > Current ABI allows attestation service and agent to decide the quote size. So > we can't make assumptions on what that size will be. But, the guest *HAS* to make assumptions, right? It's allocating the buffer and handing a pointer and size over to the host. It's also guest *userspace*. In fact, this implementation *ABSOLUTELY* makes assumptions about the buffer size. If host userspace some day decides it needs 5MB of space, then all the guests will just stop working. This implementation is limited by the max page allocator size. This all just seems to work by chance.