Message-ID: <58da7bcd-ed88-42a4-be28-f3ae0723c5f7@linux.intel.com>
Date: Thu, 22 Feb 2024 22:18:13 -0800
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] virt: tdx-guest: Handle GetQuote request error code
To: Dan Williams, "Kirill A . Shutemov", x86@kernel.org
Cc: Dave Hansen, Xiaoyao Li, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev
From: Kuppuswamy Sathyanarayanan

On 2/22/24 9:48 PM, Dan Williams wrote:
> Kuppuswamy Sathyanarayanan wrote:
>> During the TDX guest attestation process, TSM ConfigFS ABI is used by
>> the user attestation agent to get the signed VM measurement data (a.k.a
>> Quote), which can be used by a remote verifier to validate the
>> trustworthiness of the guest. When a user requests for the Quote data
>> via the ConfigFS ABI, the TDX Quote generation handler
>> (tdx_report_new()) forwards the request to VMM (or QE) via a hypercall,
>> and then shares the output with the user.
>>
>> Currently, when handling the Quote generation request, tdx_report_new()
>> handler only checks whether the VMM successfully processed the request
>> and if it is true it returns success and shares the output to the user
>> without actually validating the output data. Since the VMM can return
>> error even after processing the Quote request, always returning success
>> for the processed requests is incorrect and will create confusion to
>> the user. Although for the failed request, output buffer length will
>> be zero and can also be used by the user to identify the failure case,
>> it will be more clear to return error for all failed cases.
> This is a lot of text. More is not necessarily better.
>
> ---
> The tdx-guest driver marshals requests via hypercall to have a quoting
> enclave sign attestation evidence about the current state of the TD.
> There are 2 possible failures, a transport failure (failure to
> communicate with the quoting agent) and payload failure (a failed
> quote). The driver only checks the former, update it to consider the
> latter payload errors as well.
> ---

Looks better. I will use it in next version.

>
>
>> Validate the Quote data output status and return error code for all
>> failed cases.
>> >> Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS") >> Reported-by: Xiaoyao Li >> Closes: https://lore.kernel.org/linux-coco/6bdf569c-684a-4459-af7c-4430691804eb@linux.intel.com/T/#u >> Signed-off-by: Kuppuswamy Sathyanarayanan >> --- >> >> Changes since v1: >> * Updated the commit log (Kirill) >> >> drivers/virt/coco/tdx-guest/tdx-guest.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c >> index 1253bf76b570..61368318fa39 100644 >> --- a/drivers/virt/coco/tdx-guest/tdx-guest.c >> +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c >> @@ -228,6 +228,12 @@ static int tdx_report_new(struct tsm_report *report, void *data) >> goto done; >> } >> >> + if (quote_buf->status != GET_QUOTE_SUCCESS) { >> + pr_err("GetQuote request failed, ret %llx\n", quote_buf->status); > Do you really want to spam the log on every error? I would expect > pr_err() for events that are fatal to driver operation that might > indicate conditions where maybe the TD should give up on the host. > > Yes, there are other pr_err() in this function and I am kicking myself > for not scrutinizing those more closely. It is likely enough to > distinguish transport errors vs payload / quote errors with ENXIO and > EIO. > > Otherwise if there is an exceedingly good reason to keep this driver > chirping into the kernel log then these likely also want to be > rate-limited. If they are "just in case" debug messages, then move them > to pr_debug(). Ok. Makes sense. I will convert it into a pr_debug. I will submit a separate patch to fix other pr_err usage in this driver. Expect Quote timeout, the rest of the failure does not affect the usage of the driver. -- Sathyanarayanan Kuppuswamy Linux Kernel Developer
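Review bot: In the added status check in tdx_report_new(), the pr_err() prints quote_buf->status with a bare %llx and labels it "ret", so the log shows an unprefixed hex number that is easy to misread as decimal, and it names the value as a return code when it is the status field of the GetQuote payload. Use %#llx and say "status" in the message, whichever log level the line ends up at. The quoted hunk stops at the pr_err() line, so the errno returned on this path is not visible here; given the transport versus payload distinction raised in the thread, it should be distinct from the one used on the failure path that ends at the goto done just above.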