| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Apr 2024 09:28:22 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Dan Williams <dan.j.williams@...el.com>, linux-kernel@...r.kernel.org,
x86@...nel.org, linux-coco@...ts.linux.dev, svsm-devel@...onut-svsm.dev
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, Michael Roth <michael.roth@....com>,
Ashish Kalra <ashish.kalra@....com>
Subject: Re: [PATCH v4 13/15] x86/sev: Take advantage of configfs visibility
support in TSM
On 4/29/24 08:35, Tom Lendacky wrote:
> On 4/26/24 16:58, Dan Williams wrote:
>> Tom Lendacky wrote:
>>> The TSM attestation report support provides multiple configfs attribute
>>> types (both for standard and binary attributes) to allow for additional
>>> attributes to be displayed for SNP as compared to TDX. With the ability
>>> to hide attributes via configfs, consoldate the multiple attribute
>>> groups
>>> into a single standard attribute group and a single binary attribute
>>> group. Modify the TDX support to hide the attributes that were
>>> previously
>>> "hidden" as a result of registering the selective attribute groups.
>>>
>>> Co-developed-by: Dan Williams <dan.j.williams@...el.com>
>>> Signed-off-by: Dan Williams <dan.j.williams@...el.com>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
>>> ---
>>> drivers/virt/coco/sev-guest/sev-guest.c | 3 +-
>>> drivers/virt/coco/tdx-guest/tdx-guest.c | 29 ++++++++-
>>> drivers/virt/coco/tsm.c | 82 ++++++++++++-------------
>>> include/linux/tsm.h | 41 ++++++++++---
>>> 4 files changed, 102 insertions(+), 53 deletions(-)
>> [..]
>>> diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c
>>> b/drivers/virt/coco/tdx-guest/tdx-guest.c
>>> index 1253bf76b570..964af57f345c 100644
>>> --- a/drivers/virt/coco/tdx-guest/tdx-guest.c
>>> +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
>> [..]
>>> @@ -249,6 +250,30 @@ static int tdx_report_new(struct tsm_report
>>> *report, void *data)
>>> return ret;
>>> }
>>> +static bool tdx_report_attr_visible(struct config_item *item,
>>> + struct configfs_attribute *attr, int n)
>>> +{
>>> + switch (n) {
>>> + case TSM_REPORT_GENERATION:
>>> + case TSM_REPORT_PROVIDER:
>>> + return true;
>>> + }
>>> +
>>> + return false;
>>> +}
>>> +
>>> +static bool tdx_report_bin_attr_visible(struct config_item *item,
>>> + struct configfs_bin_attribute *attr, int n)
>>> +{
>>> + switch (n) {
>>> + case TSM_REPORT_INBLOB:
>>> + case TSM_REPORT_OUTBLOB:
>>> + return true;
>>> + }
>>> +
>>> + return false;
>>> +}
>>
>> Why do these callbacks need @item and @attr?
>
> It is a generic callback from configfs, so outside of TSM, an
> implementation may find it useful to have these. But, with the code
> change to require the callback at the attribute level, now, these can be
> eliminated.
>
>>
>> [..]
>>> +static bool tsm_report_is_visible(struct config_item *item,
>>> + struct configfs_attribute *attr, int n)
>>
>> Per the comment on where to find the is_visible() callbacks for a given
>> item type, I expect the need to pass @item here goes away when this can
>> assume that there is only one way to have is_visible() invoked for
>> @attr, right?
>
> Yes.
But as I look closer, there is only a single ops callback pair
(is_visible() and is_bin_visible()), so as long there is never another
group / subdir defined under the TSM report, this works. But if another
group is added, then the item parameter would likely be needed or the
ops callback would have to be updated to differentiate for the vendor
(SNP/TDX).
Thanks,
Tom
>
> Thanks,
> Tom
>
>>
>> Other than that, this conversion looks good to me.
Powered by blists - more mailing lists