Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp1888475lqm; Fri, 3 May 2024 09:11:07 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVSJZg8+Blup+EBAC33zBLQ8keP27pitMzJq9vNlI/MwBwYDVXodHP5yKZFNs1Vdb8Ny4HoKQtpaXpqENwN+FHUdXwLJ05GKfvGyxlt8A== X-Google-Smtp-Source: AGHT+IF3crFbEQa9Qi4308sOKNbKM14DUeV17xmaho5oS0HrXf1A1XkqTiIkYriyKNAXJuNB5ooj X-Received: by 2002:ad4:5cc7:0:b0:6a0:a4db:b146 with SMTP id iu7-20020ad45cc7000000b006a0a4dbb146mr3101086qvb.60.1714752667560; Fri, 03 May 2024 09:11:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714752667; cv=pass; d=google.com; s=arc-20160816; b=sgmc9vMgh7BJzHESI8FGN19GNi0wcjUdxgcrbfSiaf8DZ04nRpyVZxIMxnNhBHOX8j dSChFu/M7z/HOTH32RqAbS7ypqOLjyfuVZNfoP3QlnmBfs9IhhYGraYGIXsEk0/rkeh6 BJpt5GuTVOQNc4VRU4NcJg7WSgRvicE4SZ3KjTzU4+13B8/nw2Q2cN6qX+jtq2jbGnPr Psb4XKUqURs2Tz+dssRglMwjQDY5d5jwahK3JFRyPLgHENBMsXL4+PVQZa25QpO8Vgla Cn7o7rAVtl1FkXthmbcRAQ6FDoYIRUTzlWTc8KP8hs1dJIZY9JiyL9iWD9qIclWqFKle ZH4g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=14CeCadEfuLyZQEfwuGMidooQcXWCKaPepN+q1eQhi8=; fh=tJ8RpvpExlnVSUIRsQxnyEXYoIKTvasDq5Gqmy1RGL8=; b=U3tqWme15oH+PNl3rFpR+qF3PIrkCrtJ3cv1fsFVINd1W7aL9GinlgUiCxL3/SO1zo PCqhemsTsIIAZFC3FbeFpkAfJ6dl8Bw0ZINqXh4HOTc6ZeoJ3nQKN+9UhZtkXX/RL5Yh xAhzXTztdAJfHb3HOFrWNxsaiIW6EEz3vCpc739gwt8QFgBuUNVFTikxiUjfzWxIsop1 8zEg24OZiOmtZNY7TaDpH+Xf62s5SKdh13ZUnuD+AM+dlPl6ZhRsfJYUEtA5Gr53+1PC cXpO74Dp3XV2xzQp1RwK3bqYEWMIRBxeOMsO4J0seXbMTPCoBZkG9flVNpgQGB2VNdo7 34og==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fjUicAQh; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-167874-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-167874-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id if13-20020a0562141c4d00b006a0d6b23580si3710409qvb.96.2024.05.03.09.11.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 May 2024 09:11:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-167874-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=fjUicAQh; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-167874-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-167874-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 3B2501C2104F for ; Fri, 3 May 2024 16:11:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 86A4C155340; Fri, 3 May 2024 16:11:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fjUicAQh" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 451B1155310 for ; Fri, 3 May 2024 16:10:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.14 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714752660; cv=none; b=LPyLdIY1Yh5e2Imyb9HHfdr9SsgQ3RmYj3yAOq2m1Jsm1qLScp5KCM6Khjc8XKnIQB/R8xcWQQwAICKxKNjhAxEiqwEAA5kTN4fYrnPRZg9XrJx8XtLhqqU+OnYQPZAVZ1zz3cZt0UoC5pvZ8/I0Xs2EudV7q7n37USxSA/PSNg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714752660; c=relaxed/simple; bh=Z5b0CqouN93JJsmB9TzKqVvmhGRgsFIWRgcvB8hrs3A=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=SS1oQqoSVQfRzdQXzZn5nCMsSjKkcpc2oL1+PFPc+uQC0F6D7aoe6Yrc1MoMijG7W1yYcYuwkWgTyeIa8RRuc7rbMe3hJjSAB1tnTAyIBbKTN9aAiaahhecGxskrcFeSJV4iLfiuOhO2QnweGNdDXIH8qvC18YiS2kDxoHNMotU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fjUicAQh; arc=none smtp.client-ip=198.175.65.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1714752658; x=1746288658; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=Z5b0CqouN93JJsmB9TzKqVvmhGRgsFIWRgcvB8hrs3A=; b=fjUicAQhQhqU9EPYzc4sW2im111Cvq03LaWhnJigz9dgTlnSsmkpps// FY9dqcyzCs501a+fP2xDTQVb3CLm3aI00yzXpO2Fr3x8Z7EQW2+R0QrSa j2Mo0X2ApL5AWgVib8G95yHLTs/2aJvPMwgc6D6CVjhGyMjTJrjxneFNT PbycrEDrk50cwBPujcaj7vsSPOOBWhMdtr/xu2Wh694NkotBiVoOAiN3O T301Hsz+k4cMbdUMi8YsbtLSDTwxUtEsbNQPqrvc/Sk9Lso+JN6oiKbd2 bcnxbmJXMGOYmadwUQIVL0vMmCZbQDqiPn6CEmCqx1GAjbeqMKArdfFkj A==; X-CSE-ConnectionGUID: xYeJiTKlQWWOE+HJ7ZKIKw== X-CSE-MsgGUID: HfLCb7Q0Qw6q2Jw/OpVFtA== X-IronPort-AV: E=McAfee;i="6600,9927,11063"; a="14383701" X-IronPort-AV: E=Sophos;i="6.07,251,1708416000"; d="scan'208";a="14383701" Received: from fmviesa007.fm.intel.com ([10.60.135.147]) by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2024 09:10:57 -0700 X-CSE-ConnectionGUID: Z48Gzqo8Re2XNqqnJ3hTUg== X-CSE-MsgGUID: B7hFfWUnTGyD/a5oWFEKtw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,251,1708416000"; d="scan'208";a="27517165" Received: from unknown (HELO [10.125.109.193]) ([10.125.109.193]) by fmviesa007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2024 09:10:56 -0700 Message-ID: Date: Fri, 3 May 2024 09:10:55 -0700 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v4 13/15] x86/sev: Take advantage of configfs visibility support in TSM To: Tom Lendacky , linux-kernel@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, svsm-devel@coconut-svsm.dev Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Andy Lutomirski , Peter Zijlstra , Dan Williams , Michael Roth , Ashish Kalra References: Content-Language: en-US From: Kuppuswamy Sathyanarayanan In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 4/24/24 8:58 AM, Tom Lendacky wrote: > The TSM attestation report support provides multiple configfs attribute > types (both for standard and binary attributes) to allow for additional > attributes to be displayed for SNP as compared to TDX. With the ability > to hide attributes via configfs, consoldate the multiple attribute groups > into a single standard attribute group and a single binary attribute > group. Modify the TDX support to hide the attributes that were previously > "hidden" as a result of registering the selective attribute groups. > > Co-developed-by: Dan Williams > Signed-off-by: Dan Williams > Signed-off-by: Tom Lendacky > --- Reviewed-by: Kuppuswamy Sathyanarayanan > drivers/virt/coco/sev-guest/sev-guest.c | 3 +- > drivers/virt/coco/tdx-guest/tdx-guest.c | 29 ++++++++- > drivers/virt/coco/tsm.c | 82 ++++++++++++------------- > include/linux/tsm.h | 41 ++++++++++--- > 4 files changed, 102 insertions(+), 53 deletions(-) > > diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c > index 2abb51bd034f..ec3d894cfe31 100644 > --- a/drivers/virt/coco/sev-guest/sev-guest.c > +++ b/drivers/virt/coco/sev-guest/sev-guest.c > @@ -23,6 +23,7 @@ > #include > #include > #include > +#include > #include > #include > > @@ -975,7 +976,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) > /* Set the privlevel_floor attribute based on the vmpck_id */ > sev_tsm_ops.privlevel_floor = vmpck_id; > > - ret = tsm_register(&sev_tsm_ops, snp_dev, &tsm_report_extra_type); > + ret = tsm_register(&sev_tsm_ops, snp_dev); > if (ret) > goto e_free_cert_data; > > diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c > index 1253bf76b570..964af57f345c 100644 > --- a/drivers/virt/coco/tdx-guest/tdx-guest.c > +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c > @@ -17,6 +17,7 @@ > #include > #include > #include > +#include > > #include > > @@ -249,6 +250,30 @@ static int tdx_report_new(struct tsm_report *report, void *data) > return ret; > } > > +static bool tdx_report_attr_visible(struct config_item *item, > + struct configfs_attribute *attr, int n) > +{ > + switch (n) { > + case TSM_REPORT_GENERATION: > + case TSM_REPORT_PROVIDER: > + return true; > + } > + > + return false; > +} > + > +static bool tdx_report_bin_attr_visible(struct config_item *item, > + struct configfs_bin_attribute *attr, int n) > +{ > + switch (n) { > + case TSM_REPORT_INBLOB: > + case TSM_REPORT_OUTBLOB: > + return true; > + } > + > + return false; > +} > + > static long tdx_guest_ioctl(struct file *file, unsigned int cmd, > unsigned long arg) > { > @@ -281,6 +306,8 @@ MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids); > static const struct tsm_ops tdx_tsm_ops = { > .name = KBUILD_MODNAME, > .report_new = tdx_report_new, > + .report_attr_visible = tdx_report_attr_visible, > + .report_bin_attr_visible = tdx_report_bin_attr_visible, > }; > > static int __init tdx_guest_init(void) > @@ -301,7 +328,7 @@ static int __init tdx_guest_init(void) > goto free_misc; > } > > - ret = tsm_register(&tdx_tsm_ops, NULL, NULL); > + ret = tsm_register(&tdx_tsm_ops, NULL); > if (ret) > goto free_quote; > > diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c > index d1c2db83a8ca..dedb4f582630 100644 > --- a/drivers/virt/coco/tsm.c > +++ b/drivers/virt/coco/tsm.c > @@ -14,7 +14,6 @@ > > static struct tsm_provider { > const struct tsm_ops *ops; > - const struct config_item_type *type; > void *data; > } provider; > static DECLARE_RWSEM(tsm_rwsem); > @@ -252,34 +251,18 @@ static ssize_t tsm_report_auxblob_read(struct config_item *cfg, void *buf, > } > CONFIGFS_BIN_ATTR_RO(tsm_report_, auxblob, NULL, TSM_OUTBLOB_MAX); > > -#define TSM_DEFAULT_ATTRS() \ > - &tsm_report_attr_generation, \ > - &tsm_report_attr_provider > - > static struct configfs_attribute *tsm_report_attrs[] = { > - TSM_DEFAULT_ATTRS(), > + [TSM_REPORT_GENERATION] = &tsm_report_attr_generation, > + [TSM_REPORT_PROVIDER] = &tsm_report_attr_provider, > + [TSM_REPORT_PRIVLEVEL] = &tsm_report_attr_privlevel, > + [TSM_REPORT_PRIVLEVEL_FLOOR] = &tsm_report_attr_privlevel_floor, > NULL, > }; > > -static struct configfs_attribute *tsm_report_extra_attrs[] = { > - TSM_DEFAULT_ATTRS(), > - &tsm_report_attr_privlevel, > - &tsm_report_attr_privlevel_floor, > - NULL, > -}; > - > -#define TSM_DEFAULT_BIN_ATTRS() \ > - &tsm_report_attr_inblob, \ > - &tsm_report_attr_outblob > - > static struct configfs_bin_attribute *tsm_report_bin_attrs[] = { > - TSM_DEFAULT_BIN_ATTRS(), > - NULL, > -}; > - > -static struct configfs_bin_attribute *tsm_report_bin_extra_attrs[] = { > - TSM_DEFAULT_BIN_ATTRS(), > - &tsm_report_attr_auxblob, > + [TSM_REPORT_INBLOB] = &tsm_report_attr_inblob, > + [TSM_REPORT_OUTBLOB] = &tsm_report_attr_outblob, > + [TSM_REPORT_AUXBLOB] = &tsm_report_attr_auxblob, > NULL, > }; > > @@ -297,21 +280,12 @@ static struct configfs_item_operations tsm_report_item_ops = { > .release = tsm_report_item_release, > }; > > -const struct config_item_type tsm_report_default_type = { > +static const struct config_item_type tsm_report_type = { > .ct_owner = THIS_MODULE, > .ct_bin_attrs = tsm_report_bin_attrs, > .ct_attrs = tsm_report_attrs, > .ct_item_ops = &tsm_report_item_ops, > }; > -EXPORT_SYMBOL_GPL(tsm_report_default_type); > - > -const struct config_item_type tsm_report_extra_type = { > - .ct_owner = THIS_MODULE, > - .ct_bin_attrs = tsm_report_bin_extra_attrs, > - .ct_attrs = tsm_report_extra_attrs, > - .ct_item_ops = &tsm_report_item_ops, > -}; > -EXPORT_SYMBOL_GPL(tsm_report_extra_type); > > static struct config_item *tsm_report_make_item(struct config_group *group, > const char *name) > @@ -326,12 +300,40 @@ static struct config_item *tsm_report_make_item(struct config_group *group, > if (!state) > return ERR_PTR(-ENOMEM); > > - config_item_init_type_name(&state->cfg, name, provider.type); > + config_item_init_type_name(&state->cfg, name, &tsm_report_type); > return &state->cfg; > } > > +static bool tsm_report_is_visible(struct config_item *item, > + struct configfs_attribute *attr, int n) > +{ > + guard(rwsem_read)(&tsm_rwsem); > + if (!provider.ops) > + return false; > + > + if (!provider.ops->report_attr_visible) > + return true; > + > + return provider.ops->report_attr_visible(item, attr, n); > +} > + > +static bool tsm_report_is_bin_visible(struct config_item *item, > + struct configfs_bin_attribute *attr, int n) > +{ > + guard(rwsem_read)(&tsm_rwsem); > + if (!provider.ops) > + return false; > + > + if (!provider.ops->report_bin_attr_visible) > + return true; > + > + return provider.ops->report_bin_attr_visible(item, attr, n); > +} > + > static struct configfs_group_operations tsm_report_group_ops = { > .make_item = tsm_report_make_item, > + .is_visible = tsm_report_is_visible, > + .is_bin_visible = tsm_report_is_bin_visible, > }; > > static const struct config_item_type tsm_reports_type = { > @@ -353,16 +355,10 @@ static struct configfs_subsystem tsm_configfs = { > .su_mutex = __MUTEX_INITIALIZER(tsm_configfs.su_mutex), > }; > > -int tsm_register(const struct tsm_ops *ops, void *priv, > - const struct config_item_type *type) > +int tsm_register(const struct tsm_ops *ops, void *priv) > { > const struct tsm_ops *conflict; > > - if (!type) > - type = &tsm_report_default_type; > - if (!(type == &tsm_report_default_type || type == &tsm_report_extra_type)) > - return -EINVAL; > - > guard(rwsem_write)(&tsm_rwsem); > conflict = provider.ops; > if (conflict) { > @@ -372,7 +368,6 @@ int tsm_register(const struct tsm_ops *ops, void *priv, > > provider.ops = ops; > provider.data = priv; > - provider.type = type; > return 0; > } > EXPORT_SYMBOL_GPL(tsm_register); > @@ -384,7 +379,6 @@ int tsm_unregister(const struct tsm_ops *ops) > return -EBUSY; > provider.ops = NULL; > provider.data = NULL; > - provider.type = NULL; > return 0; > } > EXPORT_SYMBOL_GPL(tsm_unregister); > diff --git a/include/linux/tsm.h b/include/linux/tsm.h > index 50c5769657d8..fa19291a9854 100644 > --- a/include/linux/tsm.h > +++ b/include/linux/tsm.h > @@ -4,6 +4,7 @@ > > #include > #include > +#include > > #define TSM_INBLOB_MAX 64 > #define TSM_OUTBLOB_MAX SZ_32K > @@ -42,12 +43,40 @@ struct tsm_report { > u8 *auxblob; > }; > > +/** > + * enum tsm_attr_index - index used to reference report attributes > + * @TSM_REPORT_GENERATION: index of the report generation number attribute > + * @TSM_REPORT_PROVIDER: index of the provider name attribute > + * @TSM_REPORT_PRIVLEVEL: index of the desired privilege level attribute > + * @TSM_REPORT_PRIVLEVEL_FLOOR: index of the minimum allowed privileg level attribute > + */ > +enum tsm_attr_index { > + TSM_REPORT_GENERATION, > + TSM_REPORT_PROVIDER, > + TSM_REPORT_PRIVLEVEL, > + TSM_REPORT_PRIVLEVEL_FLOOR, > +}; > + > +/** > + * enum tsm_bin_attr_index - index used to reference binary report attributes > + * @TSM_REPORT_INBLOB: index of the binary report input attribute > + * @TSM_REPORT_OUTBLOB: index of the binary report output attribute > + * @TSM_REPORT_AUXBLOB: index of the binary auxiliary data attribute > + */ > +enum tsm_bin_attr_index { > + TSM_REPORT_INBLOB, > + TSM_REPORT_OUTBLOB, > + TSM_REPORT_AUXBLOB, > +}; > + > /** > * struct tsm_ops - attributes and operations for tsm instances > * @name: tsm id reflected in /sys/kernel/config/tsm/report/$report/provider > * @privlevel_floor: convey base privlevel for nested scenarios > * @report_new: Populate @report with the report blob and auxblob > * (optional), return 0 on successful population, or -errno otherwise > + * @report_attr_visible: show or hide a report attribute entry > + * @report_bin_attr_visible: show or hide a report binary attribute entry > * > * Implementation specific ops, only one is expected to be registered at > * a time i.e. only one of "sev-guest", "tdx-guest", etc. > @@ -56,14 +85,12 @@ struct tsm_ops { > const char *name; > unsigned int privlevel_floor; > int (*report_new)(struct tsm_report *report, void *data); > + bool (*report_attr_visible)(struct config_item *item, > + struct configfs_attribute *attr, int n); > + bool (*report_bin_attr_visible)(struct config_item *item, > + struct configfs_bin_attribute *attr, int n); > }; > > -extern const struct config_item_type tsm_report_default_type; > - > -/* publish @privlevel, @privlevel_floor, and @auxblob attributes */ > -extern const struct config_item_type tsm_report_extra_type; > - > -int tsm_register(const struct tsm_ops *ops, void *priv, > - const struct config_item_type *type); > +int tsm_register(const struct tsm_ops *ops, void *priv); > int tsm_unregister(const struct tsm_ops *ops); > #endif /* __TSM_H */ -- Sathyanarayanan Kuppuswamy Linux Kernel Developer