Date: Mon, 27 May 2024 15:51:01 +0200
From: Borislav Petkov
To: Tom Lendacky
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, svsm-devel@coconut-svsm.dev, Thomas Gleixner, Ingo Molnar, Dave Hansen, "H. Peter Anvin", Andy Lutomirski, Peter Zijlstra, Dan Williams, Michael Roth, Ashish Kalra
Subject: Re: [PATCH v4 09/15] x86/sev: Provide guest VMPL level to userspace
Message-ID: <20240527135101.GBZlSPxQ6iBSlMDefY@fat_crate.local>
In-Reply-To: <435f78e07c76e25d2d857138724098bc2a729b0a.1713974291.git.thomas.lendacky@amd.com>

On Wed, Apr 24, 2024 at 10:58:05AM -0500, Tom Lendacky wrote:
> Requesting an attestation report from userspace involves providing the
> VMPL level for the report. Currently any value from 0-3 is valid because
> Linux enforces running at VMPL0.
>
> When an SVSM is present, though, Linux will not be running at VMPL0 and
> only VMPL values starting at the VMPL level Linux is running at to 3 are
> valid. In order to allow userspace to determine the minimum VMPL value
> that can be supplied to an attestation report, create a sysfs entry that
> can be used to retrieve the current VMPL level of Linux.

So what is the use case here: you create the attestation report *on* the
running guest and as part of that, the script which does that should do

cat /sys/.../sev/vmpl

?

But then sev-guest does some VMPL including into some report:

struct snp_report_req {
	/* user data that should be included in the report */
	__u8 user_data[SNP_REPORT_USER_DATA_SIZE];

	/* The vmpl level to be included in the report */
	__u32 vmpl;

Why do you need this and can't use sev-guest?

> +static int __init sev_sysfs_init(void)
> +{
> + struct kobject *sev_kobj;
> + int ret;
> +
> + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> + return -ENODEV;
> +
> + sev_kobj = kobject_create_and_add("sev", kernel_kobj);

In the main hierarchy?!

This is a x86 CPU thing, so if anything, it should be under
/sys/devices/system/cpu/

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
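
Review bot: the quoted part of sev_sysfs_init() stops at kobject_create_and_add("sev", kernel_kobj), and that call is where two things need confirming in the rest of the hunk. kobject_create_and_add() returns NULL on failure, so sev_kobj has to be checked before any attribute is created under it; the declared "int ret" suggests a later error path, but it is not visible here. Passing kernel_kobj as the parent also places a new userspace-visible directory at /sys/kernel/sev, which becomes ABI once scripts read it to pick a VMPL for attestation requests, so the final location should be settled and described in a Documentation/ABI entry as part of this patch.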