Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <c79eeb20-98c1-824c-9572-1474aa12a0f8@amd.com>
Date:   Fri, 4 Nov 2022 12:39:07 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Subject: Re: [PATCH V4] virt: sev: Prevent IV reuse in SNP guest driver
Content-Language: en-US
To:     Peter Gonda <pgonda@google.com>
Cc:     Dionna Glaze <dionnaglaze@google.com>,
        Borislav Petkov <bp@suse.de>,
        Michael Roth <michael.roth@amd.com>,
        Haowen Bai <baihaowen@meizu.com>,
        Yang Yingliang <yangyingliang@huawei.com>,
        Marc Orr <marcorr@google.com>,
        David Rientjes <rientjes@google.com>,
        Ashish Kalra <Ashish.Kalra@amd.com>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org
References: <20221103152318.88354-1-pgonda@google.com>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20221103152318.88354-1-pgonda@google.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WVYvWURjemZtNVIySVlIUTlmdHkxM1h2VnpqTEYyOG9QWklpMS9ieW1GcERN?=
 =?utf-8?B?YTJibmVFNTluUXc0Qm9sNWxXa3ViMENlV2hNMUY1ZnFqNTNmUE1BbEM1M01l?=
 =?utf-8?B?ejRrUE9sNWRIR3Y0anU4dkdaeEE2WXAybXVjRHZZa2hzVUoyRExldjZmVkVJ?=
 =?utf-8?B?RHl4azV4cTJUbmVwUGYzUTBGbzhoU2lrOTdubk5oRHlBZnE4NzU1U2FRNE4r?=
 =?utf-8?B?OGlsR2hwVmlMbzllTUw5NG9YcnlycFBFVWEvdGFMZ2hXcWxRditHa0trb3Jv?=
 =?utf-8?B?Q0xtdldOd2hEWHdobEVjUmw0SnZCRTVhWU0vOGNRK0MzKzNIOUFYTjQrM1pD?=
 =?utf-8?B?Zy9WeUxnQnRqSjB2NjJ3My9GNU5pOXAxTENrMWszU2JZZ3BzeU1sQndJcW84?=
 =?utf-8?B?aXZMdkc4SGtIZjZCSjI4dkQ3L2pjdC92c1Q3MDlqbE5ORWs4ZGo2Mk9LU3Ev?=
 =?utf-8?B?eGdMcFg1NTZYVzNKTTNKcVZZSVRBMWM4ZjRXQVc4c3AwUGdqcFhaakdpYmdj?=
 =?utf-8?B?Y051VDE2MytVMWxhK0RQVnhERUYrbDNHUTB0ZnlkNUx4TTJFdVJ4UUlPNGM1?=
 =?utf-8?B?ZVNoay94VnZsQ05hYXdJK1F6K1lMVHpzcXJBSjhCTFoyTENWL1dtOE9mS0J6?=
 =?utf-8?B?clRjWnJKaENFMXVFTmdXWGhBcitaZ0RKM2czSlpFWlMrbEtKZ1FRa3RnQTJJ?=
 =?utf-8?B?UzdMWjJ3anlvLzljV2FrQUFvckk2RHROcFJCdjJvcE1YWDYrTEJqbm45ZzVN?=
 =?utf-8?B?SElqVHNEWjYyN3ZpYkg3c3NDU1YzYk1jd0xxUEcrRGJmei9OZkJwMU9VeVow?=
 =?utf-8?B?MjA1dXJVSmdNOWxZTWkrZVN1N1hXQ2IrRUNWd2RSaS9Ub1ZENTJOVSsrWEFE?=
 =?utf-8?B?L21mUC82bTZhNzJ1QjBUM2JFV0JqRHptWnJKbTl3OUdvaHV0UEVkazZNSU9C?=
 =?utf-8?B?aEh2UGJ5VUNzcHhnVTBIWU95Zlh5NjVvTVNzcUw0akdyc3gwZm51RDRVR1o3?=
 =?utf-8?B?dUF0SzR4bk1lZldRcENJZ2FQZmpQN3A2THVBTjhHU2QzTVEyWGs1Z2ZhQVNH?=
 =?utf-8?B?anJBa1c5Q2oyT2UwZ1RQd2tUalRJS0hVZVgxYllvdUJ0VHJObnE4ZG8wWXNL?=
 =?utf-8?B?dnBjL2doZG9IcUd0T0pQd0RnVTJPZHI5WXhsM2JrOVFwK2hqeFlWbDU4U1I4?=
 =?utf-8?B?dEtkaWQ1WjBOTHdEc04xUlY2L1ROQkZsZUFzQnRRbS9RUHFCQzFBdG1VMzNO?=
 =?utf-8?B?VzA4VVVaWmxuVWpjcEZmeVNIbjBZdERlaU5xSkswbHJrYkZzaDh3WFIvSTVU?=
 =?utf-8?B?dG0vWWVrMmlxeXNRMXFPeDRhRmRpNG05NktlV0ZOZTZRR2NlYW1oS1h0T1FT?=
 =?utf-8?B?UEN5YzdnVXpDcWRTOWdPdmdLV2FSVG1vdm10NjNRQ3lzM2tqMHhSWDJwWGxl?=
 =?utf-8?B?dXhrN3lhQjhTSFl2Y203alVnY1NoMjFkWWF6MHEyRmpXeHRUZ1ZJQWJ5eEVn?=
 =?utf-8?B?NDM1blY2RFU1dVlqdGttaFJQYzh4N2ZvUVgrVDUxUFlMeHNubXBwa3lCd2J2?=
 =?utf-8?B?Vy8vMW0vekdJL2FFcWEyTkpMUHB0U2NySTRtSHZnOGlzeXNQOHdwQURyd3Ux?=
 =?utf-8?B?NUgrVFQxcmJOVmNEQkt6c0I2N1BZQVpXSjhNUnA5NVVKYVZ0OWxZMDRpTktD?=
 =?utf-8?B?dXFINmEwYXBxQlUxY2k2Uml6VXVGcG5MVWtZc3lqNEluTHF2bnpvWnhJV3JI?=
 =?utf-8?B?TENTNWQ4R05KdXg3eVZQbVU4OU0wRlZHUWdlNXVlZlhXSTJSS3QzT1M5ZXNO?=
 =?utf-8?B?QnpoNjZqYTlOcEZudEV5Mm5iWmNJR0pKWmFPYklJaUpRa0pJelRTY3daK2wx?=
 =?utf-8?B?b09zWTArTjlMMU1rN0QxekpLazBCUWVyU2tJT3E0UCszODBuT2JkK0tsNzdy?=
 =?utf-8?B?R3RiVlE1ek5lU1NuUWxoTG5mY0pKNmhXRXdZd0JJZzlUOUQwU2JucmVCeVhv?=
 =?utf-8?B?WUFjbVFKRnFSSzgrdmFBMFZ0Mk5pRGZPU05QOWp6bkdtUjZpamtzSzZrZjUv?=
 =?utf-8?B?Z3Q1K0tqZ3M0NFFUWVFiZVNsL3NJR0ZjemsxYWhzSWRCNDREZlZuc0JUYUhS?=
 =?utf-8?Q?2EZXBaOWTOGd3zNUnSCWgKWMO?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 32da53d3-b91d-47e5-4092-08dabe8b7a93
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Nov 2022 17:39:09.6298
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: K9N+5ojVwJ4IZKuEleAyD/KooE4FgkO8QOH2Ql78AbbYoX+rr6Avi1G+dnpXNX8wPPmI3Feg3sS23fqnDId8Pg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6217
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/3/22 10:23, Peter Gonda wrote:
> The ASP and an SNP guest use a series of AES-GCM keys called VMPCKs to
> communicate securely with each other. The IV to this scheme is a
> sequence number that both the ASP and the guest track. Currently this
> sequence number in a guest request must exactly match the sequence
> number tracked by the ASP. This means that if the guest sees an error
> from the host during a request it can only retry that exact request or
> disable the VMPCK to prevent an IV reuse. AES-GCM cannot tolerate IV
> reuse see:
> https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf
> 
> To handle userspace querying the cert_data length handle_guest_request()
> now: saves the number of pages required by the host, retries the request
> without requesting the extended data, then returns the number of pages
> required.
> 
> Fixes: fce96cf044308 ("virt: Add SEV-SNP guest driver")
> Signed-off-by: Peter Gonda <pgonda@google.com>
> Reported-by: Peter Gonda <pgonda@google.com>
> Cc: Dionna Glaze <dionnaglaze@google.com>
> Cc: Borislav Petkov <bp@suse.de>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Michael Roth <michael.roth@amd.com>
> Cc: Haowen Bai <baihaowen@meizu.com>
> Cc: Yang Yingliang <yangyingliang@huawei.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: David Rientjes <rientjes@google.com>
> Cc: Ashish Kalra <Ashish.Kalra@amd.com>
> Cc: linux-kernel@vger.kernel.org
> Cc: kvm@vger.kernel.org

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
> Tested by placing each of the guest requests: attestation quote,
> extended attestation quote, and get key. Then tested the extended
> attestation quote certificate length querying.
> 
> V4
>   * As suggested by Dionna moved the extended request retry logic into
>     the driver.
>   * Due to big change in patch dropped any reviewed-by tags.
> 
> ---