Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver

[PATCH v6 00/42] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 01/42] x86/mm: Extend cc_attr to include AMD SEV-SNP · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 05/42] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 06/42] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 04/42] x86/head64: Carve out the guest encryption postprocessing into a helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-27
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-27
[PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-10-13
[PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-10-19
[PATCH v6 10/42] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 12/42] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 11/42] x86/sev: Check the vmpl level · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 11/42] x86/sev: Check the vmpl level · Borislav Petkov <bp@alien8.de> · 2021-10-28
[PATCH v6 17/42] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 20/42] KVM: SVM: Define sev_features and vmpl field in the VMSA · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 18/42] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-09
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Tom Lendacky <thomas.lendacky@amd.com> · 2021-11-11
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-11
[PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-03
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Boris Petkov <bp@alien8.de> · 2021-11-04
[PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 21/42] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 22/42] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 23/42] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 24/42] x86/sev: Use SEV-SNP AP creation to start secondary CPUs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 25/42] x86/head: re-enable stack protection for 32/64-bit builds · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 28/42] x86/compressed/acpi: move EFI system table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 16/42] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 26/42] x86/sev: move MSR-based VMGEXITs for CPUID to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 27/42] KVM: x86: move lookup of indexed CPUID leafs to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 30/42] x86/compressed/acpi: move EFI vendor table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 29/42] x86/compressed/acpi: move EFI config table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 31/42] x86/boot: Add Confidential Computing type to setup_data · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 41/42] virt: sevguest: Add support to derive key · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 39/42] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 38/42] x86/sev: Provide support for SNP guest request NAEs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Dov Murik <hidden> · 2021-10-10
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-13
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-20
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
[PATCH v6 36/42] x86/compressed/64: add identity mapping for Confidential Computing blob · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 37/42] x86/sev: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 42/42] virt: sevguest: Add support to get extended report · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 35/42] x86/compressed/64: store Confidential Computing blob address in bootparams · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 32/42] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 33/42] boot/compressed/64: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 34/42] x86/boot: add a pointer to Confidential Computing blob in bootparams · Brijesh Singh <hidden> · 2021-10-08

From: Brijesh Singh <hidden>
Date: 2021-10-13 11:37:24
Also in: kvm, linux-efi, linux-mm, lkml, platform-driver-x86

Hi Dov,

On 10/10/21 10:51 AM, Dov Murik wrote:

Hi Brijesh,

On 08/10/2021 21:04, Brijesh Singh wrote:

quoted

SEV-SNP specification provides the guest a mechanisum to communicate with
the PSP without risk from a malicious hypervisor who wishes to read, alter,
drop or replay the messages sent. The driver uses snp_issue_guest_request()
to issue GHCB SNP_GUEST_REQUEST or SNP_EXT_GUEST_REQUEST NAE events to
submit the request to PSP.

The PSP requires that all communication should be encrypted using key
specified through the platform_data.

The userspace can use SNP_GET_REPORT ioctl() to query the guest
attestation report.

See SEV-SNP spec section Guest Messages for more details.

Signed-off-by: Brijesh Singh <redacted>
---
 Documentation/virt/coco/sevguest.rst  |  77 ++++
 drivers/virt/Kconfig                  |   3 +
 drivers/virt/Makefile                 |   1 +
 drivers/virt/coco/sevguest/Kconfig    |   9 +
 drivers/virt/coco/sevguest/Makefile   |   2 +
 drivers/virt/coco/sevguest/sevguest.c | 561 ++++++++++++++++++++++++++
 drivers/virt/coco/sevguest/sevguest.h |  98 +++++
 include/uapi/linux/sev-guest.h        |  44 ++
 8 files changed, 795 insertions(+)
 create mode 100644 Documentation/virt/coco/sevguest.rst
 create mode 100644 drivers/virt/coco/sevguest/Kconfig
 create mode 100644 drivers/virt/coco/sevguest/Makefile
 create mode 100644 drivers/virt/coco/sevguest/sevguest.c
 create mode 100644 drivers/virt/coco/sevguest/sevguest.h
 create mode 100644 include/uapi/linux/sev-guest.h

[...]

quoted

+
+static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno)
+{
+	u8 *key = NULL;
+
+	switch (id) {
+	case 0:
+		*seqno = &layout->os_area.msg_seqno_0;
+		key = layout->vmpck0;
+		break;
+	case 1:
+		*seqno = &layout->os_area.msg_seqno_1;
+		key = layout->vmpck1;
+		break;
+	case 2:
+		*seqno = &layout->os_area.msg_seqno_2;
+		key = layout->vmpck2;
+		break;
+	case 3:
+		*seqno = &layout->os_area.msg_seqno_3;
+		key = layout->vmpck3;
+		break;
+	default:
+		break;
+	}
+
+	return NULL;

This should be 'return key', right?


Yes, I did caught that during my testing and the hunk to fix it is in
42/42. I missed merging the hunk in this patch and will take care in
next rev. thanks

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help