Message-ID: <9c6e6892-7c0c-124c-b534-8b7c3c6dafb5@redhat.com>
Date: Tue, 5 Apr 2022 14:50:29 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: isaku.yamahata@...el.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: isaku.yamahata@...il.com, Jim Mattson <jmattson@...gle.com>,
erdemaktas@...gle.com, Connor Kuehl <ckuehl@...hat.com>,
Sean Christopherson <seanjc@...gle.com>
Subject: Re: [RFC PATCH v5 025/104] KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl
On 3/4/22 20:48, isaku.yamahata@...el.com wrote:
> From: Isaku Yamahata <isaku.yamahata@...el.com>
>
> Add a place holder function for TDX specific VM-scoped ioctl as mem_enc_op.
> TDX specific sub-commands will be added to retrieve/pass TDX specific
> parameters.
>
> KVM_MEMORY_ENCRYPT_OP was introduced for VM-scoped operations specific for
> guest state-protected VM. It defined subcommands for technology-specific
> operations under KVM_MEMORY_ENCRYPT_OP. Despite its name, the subcommands
> are not limited to memory encryption, but various technology-specific
> operations are defined. It's natural to repurpose KVM_MEMORY_ENCRYPT_OP
> for TDX specific operations and define subcommands.
>
> TDX requires VM-scoped, and VCPU-scoped TDX-specific operations for device
> model, for example, qemu. Getting system-wide parameters, TDX-specific VM
> initialization, and TDX-specific vCPU initialization. Which requires KVM
> vCPU-scoped operations in addition to the existing VM-scoped operations.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@...el.com>
> ---
> arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> arch/x86/kvm/vmx/main.c | 10 ++++++++++
> arch/x86/kvm/vmx/tdx.c | 24 ++++++++++++++++++++++++
> arch/x86/kvm/vmx/x86_ops.h | 4 ++++
> tools/arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> 5 files changed, 60 insertions(+)
>
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 71a5851475e7..2ad61caf4e0b 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -528,4 +528,15 @@ struct kvm_pmu_event_filter {
> #define KVM_X86_DEFAULT_VM 0
> #define KVM_X86_TDX_VM 1
>
> +/* Trust Domain eXtension sub-ioctl() commands. */
> +enum kvm_tdx_cmd_id {
> + KVM_TDX_CMD_NR_MAX,
> +};
> +
> +struct kvm_tdx_cmd {
> + __u32 id;
> + __u32 metadata;
> + __u64 data;
> +};
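Review bot: `enum kvm_tdx_cmd_id` has `KVM_TDX_CMD_NR_MAX` as its only enumerator, so it evaluates to 0 and every `id` a user passes must be rejected until real sub-commands exist; the handler in arch/x86/kvm/vmx/tdx.c (listed in the diffstat but not shown in this excerpt) should validate `id >= KVM_TDX_CMD_NR_MAX` up front rather than rely on a switch default. This is also a UAPI header: `struct kvm_tdx_cmd` is fixed here at 16 bytes (`__u32 id; __u32 metadata; __u64 data;`) and the diffstat shows the mirror in tools/arch/x86/include/uapi/asm/kvm.h has to stay identical, so any field added later changes the ABI and the layout should be settled before merge.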
Please include some initial documentation here already, for example it
is not clear what "metadata" is.

Also please add

	u32 error;
	u32 unused;

for two reasons: 1) consistency with kvm_sev_cmd 2) error codes should
be returned to userspace and not just sent through pr_tdx_error.
Paolo
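The following is an added example, not code from the patch, from Paolo's reply, or from KVM itself. It models in plain userspace C what the review asks for: the placeholder `struct kvm_tdx_cmd` extended with the `error`/`unused` fields, the layout pinned with static assertions (UAPI must not change after merge), a handler that rejects unknown ids against `KVM_TDX_CMD_NR_MAX` and non-zero reserved fields, and a technology-specific status reported through `->error` separately from the ioctl's errno. The sub-command `KVM_TDX_EXAMPLE_CMD`, the `TDX_E_*` values, the flag bit and all function names are hypothetical; `memcpy` stands in for `copy_from_user`/`copy_to_user`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sub-command ids. KVM_TDX_EXAMPLE_CMD is a hypothetical placeholder so the
 * dispatch and error paths can be exercised; the patch itself defines none. */
enum kvm_tdx_cmd_id {
	KVM_TDX_EXAMPLE_CMD,
	KVM_TDX_CMD_NR_MAX,
};

/* The patch's struct plus the two fields the review asks for. */
struct kvm_tdx_cmd {
	uint32_t id;        /* enum kvm_tdx_cmd_id */
	uint32_t metadata;  /* sub-command specific; here: flag bits */
	uint64_t data;      /* sub-command specific; here: value returned to VMM */
	uint32_t error;     /* technology-specific status, 0 on success */
	uint32_t unused;    /* explicit padding, must be zero */
};

/* UAPI: the layout is ABI, so pin it down at compile time. */
_Static_assert(sizeof(struct kvm_tdx_cmd) == 24, "kvm_tdx_cmd size");
_Static_assert(offsetof(struct kvm_tdx_cmd, data) == 8, "data offset");
_Static_assert(offsetof(struct kvm_tdx_cmd, error) == 16, "error offset");

/* Hypothetical technology-specific status values carried in ->error. */
#define TDX_E_SUCCESS   0u
#define TDX_E_BAD_FLAGS 0xC0000001u

#define TDX_EXAMPLE_FLAGS_VALID 0x1u  /* the only metadata bit accepted */

/* Handler for the hypothetical sub-command. Sets ->error to say *why* it
 * failed; the ioctl return value only says *that* it failed. */
static int tdx_example_cmd(struct kvm_tdx_cmd *cmd)
{
	if (cmd->metadata & ~TDX_EXAMPLE_FLAGS_VALID) {
		cmd->error = TDX_E_BAD_FLAGS;
		return -EIO;
	}
	cmd->data = 0x1234;  /* constructed result value */
	cmd->error = TDX_E_SUCCESS;
	return 0;
}

/* Models the kernel side of mem_enc_op: copy in, validate, dispatch, and
 * copy back so that ->error reaches userspace even on failure. */
int tdx_vm_ioctl(struct kvm_tdx_cmd *user_cmd)
{
	struct kvm_tdx_cmd cmd;
	int r;

	memcpy(&cmd, user_cmd, sizeof(cmd));      /* copy_from_user() stand-in */

	/* Reserved fields must be zero so they can be given meaning later. */
	if (cmd.unused != 0 || cmd.error != 0)
		return -EINVAL;

	/* Reject unknown sub-commands before touching anything else. */
	if (cmd.id >= KVM_TDX_CMD_NR_MAX)
		return -EINVAL;

	switch (cmd.id) {
	case KVM_TDX_EXAMPLE_CMD:
		r = tdx_example_cmd(&cmd);
		break;
	default:
		r = -EINVAL;
		break;
	}

	memcpy(user_cmd, &cmd, sizeof(cmd));      /* copy_to_user() stand-in */
	return r;
}

/* Models the VMM side: build the request, issue it, keep the reply in *out
 * (if given) so the caller can inspect ->error and ->data. */
int vmm_issue_cmd(uint32_t id, uint32_t metadata, uint32_t unused,
		  struct kvm_tdx_cmd *out)
{
	struct kvm_tdx_cmd cmd;
	int r;

	memset(&cmd, 0, sizeof(cmd));
	cmd.id = id;
	cmd.metadata = metadata;
	cmd.unused = unused;
	r = tdx_vm_ioctl(&cmd);
	if (out)
		*out = cmd;
	return r;
}

int main(void)
{
	struct kvm_tdx_cmd reply;
	int r = vmm_issue_cmd(KVM_TDX_EXAMPLE_CMD, 0x2, 0, &reply);

	/* -EIO from the ioctl, TDX_E_BAD_FLAGS in reply.error */
	printf("ret=%d error=0x%x\n", r, reply.error);
	return 0;
}
```

The point of the two separate channels is visible in the bad-flags case: the ioctl returns a generic `-EIO`, while `reply.error` carries the command-specific status the VMM needs to log or act on, which a `pr_tdx_error` in the kernel log would not give it.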