Message-ID: <48b4ec49-76f2-4b82-8551-02dd876d1da0@linux.intel.com>
Date: Wed, 3 Dec 2025 10:04:56 -0800
From: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Dave Hansen <dave.hansen@...el.com>, "Kirill A . Shutemov"
 <kas@...nel.org>
Cc: Rick Edgecombe <rick.p.edgecombe@...el.com>,
 Dave Hansen <dave.hansen@...ux.intel.com>,
 Dan Williams <dan.j.williams@...el.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev
Subject: Re: [PATCH v5] virt: tdx-guest: Handle GetQuote request error code

Hi Dave,

On 12/2/25 4:03 PM, Dave Hansen wrote:
> On 12/2/25 16:00, Kuppuswamy Sathyanarayanan wrote:
>> The reason the kernel must parse the status field is that the failure
>> code is only available in the header portion of the shared GPA buffer
>> populated by the VMM. Userspace currently does not have access to this
>> header since we only expose the Quote payload itself. Because userspace
>> cannot directly interpret the VMM status codes, the kernel needs to parse
>> them and return appropriate generic error codes.
> That's kinda the key to this.

Agreed. I have reworked the commit message to make this the primary
motivation.

>
> Users are poking at sysfs and expect (near) universal explicit errors.
> Are they even doing this from shell scripts most of the time?

Yes, many users validate the GetQuote flow using simple shell scripts or other
minimal tooling. Since there is no common userspace library for this interface,
each vendor or user typically has their own implementation.

>
> Also, please don't just keep tacking gunk onto the changelog. Start
> cutting out the cruft, please.

Got it. How about the following version?

virt: tdx-guest: Return explicit errors for GetQuote failures

TD users often retrieve the Quote through simple libraries or shell
scripts over the configfs interface. In such cases, direct error
returns from the kernel for Quote failures are preferred and simplify
failure detection. Prior to this patch, certain VMM reported GetQuote
failures, such as Quote service unavailability or VMM processing
errors, were silently reported as success with a zero length Quote
buffer. This behavior is ambiguous and makes failure detection
complex.

The VMM reports these failures through the status Code in the header
portion of the shared GPA buffer (refer to GHCI specification v1.5
March 2023, sec titled TDG.VP.VMCALL<GetQuote>, Table 3-10 and Table
3-11 for GPA format and status code details). Userspace does not have
access to this header because only the Quote payload is exposed
through configfs. Therefore, the kernel must parse the status and
translate VMM failures into proper error codes.

Update the TDX guest driver to return explicit kernel errors for all
VMM reported GetQuote failure cases. This preserves existing ABI
behavior because userspace already treats a zero length Quote as a
failure indication. The only change is that such failures now return
explicit error codes instead of silently succeeding.

>
-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
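
The userspace side of the behaviour discussed above, as an added example that is not part of the original message or the patch: a shell helper that reads a Quote through a configfs-tsm report directory and distinguishes an explicit kernel error from the older zero-length "success". The function name `fetch_quote` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the patch or the tdx-guest driver.
# fetch_quote REPORT_DIR REPORTDATA_FILE OUT_FILE
#
# REPORT_DIR is a configfs-tsm report directory, typically created with
#   mkdir /sys/kernel/config/tsm/report/r0
# Return codes (hypothetical, chosen for this example):
#   0  Quote written to OUT_FILE
#   1  bad arguments or REPORTDATA is not 64 bytes
#   2  kernel returned an error on inblob write or outblob read
#   3  read succeeded but the Quote is empty (ambiguous older behaviour)
fetch_quote() {
    dir=$1
    data=$2
    out=$3

    [ -d "$dir" ] && [ -f "$data" ] || return 1

    # TDX REPORTDATA is exactly 64 bytes; reject anything else up front.
    [ "$(wc -c < "$data")" -eq 64 ] || return 1

    # Supplying inblob is what makes the next outblob read generate a Quote.
    cat "$data" > "$dir/inblob" 2>/dev/null || return 2

    # With explicit error returns, a VMM-reported failure surfaces here
    # as a failed read instead of an empty file.
    if ! cat "$dir/outblob" > "$out" 2>/dev/null; then
        rm -f "$out"
        return 2
    fi

    # Kernels without explicit errors can still hand back a zero-length
    # Quote; treat that as a failure too and leave no empty file behind.
    if [ ! -s "$out" ]; then
        rm -f "$out"
        return 3
    fi

    return 0
}
```

Keeping the zero-length check alongside the read-error check lets the same script run on kernels with and without the explicit error returns.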

