Message-ID: <5b6f1d00-8dcd-49d8-98bc-53638ec5b43e@amd.com>
Date:   Thu, 2 Nov 2023 10:43:45 +0530
From:   "Nikunj A. Dadhania" <nikunj@....com>
To:     Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc:     linux-kernel@...r.kernel.org, thomas.lendacky@....com,
        x86@...nel.org, kvm@...r.kernel.org, bp@...en8.de,
        mingo@...hat.com, tglx@...utronix.de, dave.hansen@...ux.intel.com,
        pgonda@...gle.com, seanjc@...gle.com, pbonzini@...hat.com
Subject: Re: [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests

On 10/30/2023 10:16 PM, Dionna Amalie Glaze wrote:
> On Sun, Oct 29, 2023 at 11:38 PM Nikunj A Dadhania <nikunj@....com> wrote:
>>

>> @@ -1393,6 +1397,78 @@ bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
>>  }
>>  EXPORT_SYMBOL_GPL(snp_assign_vmpck);
>>
>> +static struct snp_guest_dev tsc_snp_dev __initdata;
>> +
>> +static int __init snp_get_tsc_info(void)
>> +{
>> +       static u8 buf[SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN];
>> +       struct snp_guest_request_ioctl rio;
>> +       struct snp_tsc_info_resp tsc_resp;
>> +       struct snp_tsc_info_req tsc_req;
>> +       struct snp_guest_req req;
>> +       int rc, resp_len;
>> +
>> +       /*
>> +        * The intermediate response buffer is used while decrypting the
>> +        * response payload. Make sure that it has enough space to cover the
>> +        * authtag.
>> +        */
>> +       resp_len = sizeof(tsc_resp) + AUTHTAG_LEN;
>> +       if (sizeof(buf) < resp_len)
>> +               return -EINVAL;
>> +
>> +       memset(&tsc_req, 0, sizeof(tsc_req));
>> +       memset(&req, 0, sizeof(req));
>> +       memset(&rio, 0, sizeof(rio));
>> +       memset(buf, 0, sizeof(buf));
>> +
>> +       if (!snp_assign_vmpck(&tsc_snp_dev, 0))
>> +               return -EINVAL;
>> +
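Review bot: The size check `if (sizeof(buf) < resp_len)` in snp_get_tsc_info() compares quantities that are all fixed at compile time (buf is sized SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN, resp_len is sizeof(tsc_resp) + AUTHTAG_LEN), so a mismatch would only surface as -EINVAL at boot. A BUILD_BUG_ON(sizeof(buf) < sizeof(tsc_resp) + AUTHTAG_LEN) would fail the build instead and would also avoid comparing a size_t against the int resp_len. Separately, buf is a function-local static inside an __init function but, unlike tsc_snp_dev, is not marked __initdata, so the intermediate buffer used while decrypting the response stays resident after init; consider marking it __initdata. The hard-coded VMPCK index 0 in snp_assign_vmpck(&tsc_snp_dev, 0) would benefit from a short comment saying why that key is chosen.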
> 
> I don't see a requirement for VMPL0 in the API docs. I just see "When
> a guest creates its own VMSA, it must query the PSP for information
> with the TSC_INFO message to determine the correct values to write
> into GUEST_TSC_SCALE and GUEST_TSC_OFFSET". 

The request should work irrespective of the VMPL level. 

> In that case, I don't see
> a particular use for this request in Linux. I would expect it either
> in the UEFI or in SVSM. Is this code path explicitly for direct boot
> to Linux? If so, did I miss that documentation in this patch series?

This works with UEFI boot. I haven't tried this with SVSM yet.

Thanks
Nikunj
