diff mbox series

[08/11] x86/sev: Provide guest VMPL level to userspace

Message ID	61316ac5a8217f0397da87c78c2db08580ad75a5.1706307364.git.thomas.lendacky@amd.com
State	New
Headers	Received-SPF: pass (google.com: domain of linux-kernel+bounces-40746-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Tom Lendacky <thomas.lendacky@amd.com> To: <linux-kernel@vger.kernel.org>, <x86@kernel.org> CC: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>, "Peter Zijlstra" <peterz@infradead.org>, Dan Williams <dan.j.williams@intel.com>, Michael Roth <michael.roth@amd.com>, Ashish Kalra <ashish.kalra@amd.com> Subject: [PATCH 08/11] x86/sev: Provide guest VMPL level to userspace Date: Fri, 26 Jan 2024 16:16:01 -0600 Message-ID: <61316ac5a8217f0397da87c78c2db08580ad75a5.1706307364.git.thomas.lendacky@amd.com> In-Reply-To: <cover.1706307364.git.thomas.lendacky@amd.com> References: <cover.1706307364.git.thomas.lendacky@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Provide SEV-SNP support for running under an SVSM \| [00/11] Provide SEV-SNP support for running under an SVSM [01/11] x86/sev: Rename snp_init() in the boot/compressed/sev.c file [02/11] x86/sev: Make the VMPL0 checking function more generic [03/11] x86/sev: Check for the presence of an SVSM in the SNP Secrets page [04/11] x86/sev: Use kernel provided SVSM Calling Areas [05/11] x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0 [06/11] x86/sev: Use the SVSM to create a vCPU when not in VMPL0 [07/11] x86/sev: Provide SVSM discovery support [08/11] x86/sev: Provide guest VMPL level to userspace [09/11] virt: sev-guest: Choose the VMPCK key based on executing VMPL [10/11] x86/sev: Extend the config-fs attestation support for an SVSM [11/11] x86/sev: Allow non-VMPL0 execution when an SVSM is present

Commit Message

Tom Lendacky Jan. 26, 2024, 10:16 p.m. UTC

  Requesting an attestation report from userspace involves providing the
VMPL level for the report. Currently any value from 0-3 is valid because
Linux enforces running at VMPL0.

When an SVSM is present, though, Linux will not be running at VMPL0 and
only VMPL values starting at the VMPL level Linux is running at to 3 are
valid. In order to allow userspace to determine the minimum VMPL value
that can be supplied to an attestation report, create a sysfs entry that
can be used to retrieve the current VMPL level of Linux.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kernel/sev.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

Comments

Dionna Amalie Glaze Jan. 27, 2024, 1:06 a.m. UTC | #1

On Fri, Jan 26, 2024 at 2:19 PM Tom Lendacky <thomas.lendacky@amd.com> wrote:
>
> Requesting an attestation report from userspace involves providing the
> VMPL level for the report. Currently any value from 0-3 is valid because
> Linux enforces running at VMPL0.
>
> When an SVSM is present, though, Linux will not be running at VMPL0 and
> only VMPL values starting at the VMPL level Linux is running at to 3 are
> valid. In order to allow userspace to determine the minimum VMPL value
> that can be supplied to an attestation report, create a sysfs entry that
> can be used to retrieve the current VMPL level of Linux.

Is this not the intended meaning of privlevel_floor in
/sys/kernel/config/tsm/report/$report0/privlevel_floor?

>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  arch/x86/kernel/sev.c | 37 +++++++++++++++++++++++++++++++++++++
>  1 file changed, 37 insertions(+)
>
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index 121a9bad86c9..9844c772099c 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -2479,3 +2479,40 @@ void __init snp_remap_svsm_ca(void)
>         /* Update the CAA to a proper kernel address */
>         boot_svsm_caa = &boot_svsm_ca_page;
>  }
> +
> +static ssize_t vmpl_show(struct kobject *kobj,
> +                        struct kobj_attribute *attr, char *buf)
> +{
> +       return sysfs_emit(buf, "%d\n", vmpl);
> +}
> +
> +static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
> +
> +static struct attribute *vmpl_attrs[] = {
> +       &vmpl_attr.attr,
> +       NULL
> +};
> +
> +static struct attribute_group sev_attr_group = {
> +       .attrs = vmpl_attrs,
> +};
> +
> +static int __init sev_sysfs_init(void)
> +{
> +       struct kobject *sev_kobj;
> +       int ret;
> +
> +       if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> +               return -ENODEV;
> +
> +       sev_kobj = kobject_create_and_add("sev", kernel_kobj);
> +       if (!sev_kobj)
> +               return -ENOMEM;
> +
> +       ret = sysfs_create_group(sev_kobj, &sev_attr_group);
> +       if (ret)
> +               kobject_put(sev_kobj);
> +
> +       return ret;
> +}
> +arch_initcall(sev_sysfs_init);
> --
> 2.42.0
>
>

Tom Lendacky Jan. 27, 2024, 3:43 p.m. UTC | #2

On 1/26/24 19:06, Dionna Amalie Glaze wrote:
> On Fri, Jan 26, 2024 at 2:19 PM Tom Lendacky <thomas.lendacky@amd.com> wrote:
>>
>> Requesting an attestation report from userspace involves providing the
>> VMPL level for the report. Currently any value from 0-3 is valid because
>> Linux enforces running at VMPL0.
>>
>> When an SVSM is present, though, Linux will not be running at VMPL0 and
>> only VMPL values starting at the VMPL level Linux is running at to 3 are
>> valid. In order to allow userspace to determine the minimum VMPL value
>> that can be supplied to an attestation report, create a sysfs entry that
>> can be used to retrieve the current VMPL level of Linux.
> 
> Is this not the intended meaning of privlevel_floor in
> /sys/kernel/config/tsm/report/$report0/privlevel_floor?

Hmmm... possibly. But that would make someone using the ioctl() (which is 
still available) have to use the config-tsm support to get the value. If 
the overall consensus is not to have a sysfs entry, I'll remove it, but it 
could be useful beyond just attestation.

Your comment does make me realize that I did miss changing privlevel_floor 
for the TSM support. I need to set privlevel_floor to the current VMPL level.

Thanks,
Tom

>

diff mbox series

Patch

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 121a9bad86c9..9844c772099c 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -2479,3 +2479,40 @@  void __init snp_remap_svsm_ca(void)
 	/* Update the CAA to a proper kernel address */
 	boot_svsm_caa = &boot_svsm_ca_page;
 }
+
+static ssize_t vmpl_show(struct kobject *kobj,
+			 struct kobj_attribute *attr, char *buf)
+{
+	return sysfs_emit(buf, "%d\n", vmpl);
+}
+
+static struct kobj_attribute vmpl_attr = __ATTR_RO(vmpl);
+
+static struct attribute *vmpl_attrs[] = {
+	&vmpl_attr.attr,
+	NULL
+};
+
+static struct attribute_group sev_attr_group = {
+	.attrs = vmpl_attrs,
+};
+
+static int __init sev_sysfs_init(void)
+{
+	struct kobject *sev_kobj;
+	int ret;
+
+	if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
+		return -ENODEV;
+
+	sev_kobj = kobject_create_and_add("sev", kernel_kobj);
+	if (!sev_kobj)
+		return -ENOMEM;
+
+	ret = sysfs_create_group(sev_kobj, &sev_attr_group);
+	if (ret)
+		kobject_put(sev_kobj);
+
+	return ret;
+}
+arch_initcall(sev_sysfs_init);