Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp960292rdd; Wed, 10 Jan 2024 04:55:07 -0800 (PST) X-Google-Smtp-Source: AGHT+IFb7OA+Cfsg6iaUuSauk/84gw2/My7I/9d98OtQHAT6PoC4mKWcYsY4TFkvpLSJLF6MJhcE X-Received: by 2002:ac8:7d81:0:b0:429:bcb8:eb89 with SMTP id c1-20020ac87d81000000b00429bcb8eb89mr157892qtd.103.1704891306996; Wed, 10 Jan 2024 04:55:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704891306; cv=none; d=google.com; s=arc-20160816; b=kzs6TE0glmT4nGe7WiVqBEFLTmG46DaYIfU3j2ItEs4EhPDUTMcysP0Cg24fBA++zx dFPsleAPWovbcQcJ8jDD0iVi02Z18jXmi/xOJ+sTrXUZcfIlfL/XA8K649+wv1hyv3Ud IkWvgXdEUmUmAbwBECLomcfl0nKuJ0xh+PtAIMulCuT2v+5oKQdk4Z1+iD5xxy7i9S2r VGdvrVgnfKHGzfUcLXnbLbkCHZx0zUd+v6efqvGydRbUaGgpiqxdA7nEeZ07GN4MWfBz bqy2kZVxZ7xrPDZPmOroLqoacGHvaKonCOEBFKw5DsEck9HFyVC/o002W/PuSpGss0zn lUOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=d2gPhFWQrSVTRGmXm9+VauRY7wRW7YxPGphiwfHkUqY=; fh=03K1RUCHqcBusTrS3s106TL1i37iVEWPw55pl2tIqBw=; b=DZrSeLcoB9pEbDlwE8WkMhn7BcQGg9/HjmnPW3AVA+vnQk/mIDbecWSq3MJhCP8zjl xzJ0ecGgrZ5tJDLa9gj0w/zmPaR9DILGv9nFRV3QkxesA2hmyOYktUnCeX6qQBfWA/Fe 95ZDV90NmZjn/7BO58I2fr5Gu6ij/Z2RPHzFygQpzXsuT722VVVO0TaHK9VMtOPnFEaB iJfY1Wd1wOYm9ihfZyzzuJSKHyGWAkEsqKK+/d+8tvNIKTFRQhLQEtEQsySGsVwH+FDV KWzLbbf4PVurXm8nRCPY8pTs0io4ulwg+f6uwfRrjT3jQCF+AhVc8zykSn2iQDsfKunB +uog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Mw0Opq/z"; spf=pass (google.com: domain of linux-kernel+bounces-22196-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22196-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id b16-20020a05622a021000b004298fac1f7csi4200354qtx.507.2024.01.10.04.55.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 10 Jan 2024 04:55:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-22196-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="Mw0Opq/z"; spf=pass (google.com: domain of linux-kernel+bounces-22196-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-22196-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id B94F61C2214F for ; Wed, 10 Jan 2024 12:55:06 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BCA5848787; Wed, 10 Jan 2024 12:54:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Mw0Opq/z" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA02138DE0 for ; Wed, 10 Jan 2024 12:54:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1704891297; x=1736427297; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=Xm2YU4WaqEHvWHszTGe+00QdRB6H2V0BZ+19qV1T0og=; b=Mw0Opq/zlvG+t6a20i3J/DFSbNxX4jytHjtlfQChtj7/f41+gRbDx47+ R9sK5gKk1k5UzWDYL2pkb7G9oUlo5PVJK1J82RNB5zzSBEfw4IXN5URsa vn+kBcZzpAlYeTWdEGdnKt0B6Y6ghEK9cG1TTV9dtiaCnUp1cKPK45WaP glz7/2Kmd+a5ZpFE/NlSmUnP3tCoXCOnRtTV9cld76Ct1HlwnPS831/UW rPJYs8fZ4iPu3Z2DiXmpc+LexhRHIRl8CEsyond/FdzzHN0wYY/3bxg8G oclysBur3BpqhqloJxcp9cYhsrsLcWlkcbeNWIgWnRpK/1jnH6TbV/JU2 A==; X-IronPort-AV: E=McAfee;i="6600,9927,10948"; a="5257498" X-IronPort-AV: E=Sophos;i="6.04,184,1695711600"; d="scan'208";a="5257498" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jan 2024 04:54:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10948"; a="785592166" X-IronPort-AV: E=Sophos;i="6.04,184,1695711600"; d="scan'208";a="785592166" Received: from jganji-mobl1.gar.corp.intel.com (HELO box.shutemov.name) ([10.249.37.201]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Jan 2024 04:54:54 -0800 Received: by box.shutemov.name (Postfix, from userid 1000) id 6CB6B109589; Wed, 10 Jan 2024 15:54:51 +0300 (+03) Date: Wed, 10 Jan 2024 15:54:51 +0300 From: "Kirill A . Shutemov" To: Kuppuswamy Sathyanarayanan Cc: x86@kernel.org, Dave Hansen , Dan Williams , Xiaoyao Li , linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev Subject: Re: [PATCH v1] virt: tdx-guest: Handle GetQuote request error code Message-ID: <20240110125451.whabimhece7dw5jn@box> References: <20240109054604.2562620-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20240109131740.nk54gdmri6gpwkta@box.shutemov.name> <6805ad1f-2c91-4a8d-98c9-5da337dd13f6@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6805ad1f-2c91-4a8d-98c9-5da337dd13f6@linux.intel.com> On Tue, Jan 09, 2024 at 07:56:56PM -0800, Kuppuswamy Sathyanarayanan wrote: > > > On 1/9/2024 5:17 AM, Kirill A . Shutemov wrote: > > On Tue, Jan 09, 2024 at 05:46:04AM +0000, Kuppuswamy Sathyanarayanan wrote: > >> Currently when a user requests for the Quote generation, the Quote > >> generation handler (tdx_report_new()) only checks whether the VMM > >> successfully processes the Quote generation request (status != > >> GET_QUOTE_IN_FLIGHT) and returns the output to the user without > >> validating the status of the output data. Since VMM can return error > >> even after processing the Quote request, returning success just after > >> successful processing will create confusion to the user. Although for > >> the failed request, output buffer length will be zero and can also be > >> used by the user to identify the failure case, it will be more clear to > >> return error for all failed cases. So validate the Quote output status > >> and return error code for all failed cases. > > > > Could you split commit message into several paragraphs? It would be easier > > to get along. > > > > It can be helpful to follow structure like: > > > > > > > > > > > > > > > > How about the following version? > > During the TDX guest attestation process, TSM ConfigFS ABI is used by > the user attestation agent to get the signed VM measurement data (a.k.a > Quote), which can be used by a remote verifier to validate the > trustworthiness of the guest. When a user requests for the Quote data > via the ConfigFS ABI, the TDX Quote generation handler > (tdx_report_new()) forwards the request to VMM (or QE) via a hypercall, > and then shares the output with the user. > > Currently, when handling the Quote generation request, tdx_report_new() > handler only checks whether the VMM successfully processed the request > and if it is true it returns success and shares the output to the user > without actually validating the output data. Since the VMM can return > error even after processing the Quote request, always returning success > for the processed requests is incorrect and will create confusion to > the user. Although for the failed request, output buffer length will > be zero and can also be used by the user to identify the failure case, > it will be more clear to return error for all failed cases. > > So when handling the Quote generation request, validate the Quote data > output status and return error code for all failed cases. I would drop the start of the sentence upto ',' here, but otherwise looks good to me. -- Kiryl Shutsemau / Kirill A. Shutemov