Re: [PATCH v3 10/14] configfs-tsm: Allow the privlevel_floor attribute to be updated
From: Dan Williams
Date: Tue Apr 16 2024 - 12:01:44 EST
Tom Lendacky wrote:
> On 4/15/24 23:55, Dan Williams wrote:
> > Tom Lendacky wrote:
> >> With the introduction of an SVSM, Linux will be running at a non-zero
> >> VMPL. Any request for an attestation report at a higher priviledge VMPL
> >> than what Linux is currently running will result in an error. Allow for
> >> the privlevel_floor attribute to be updated dynamically so that the
> >> attribute may be set dynamically.
> >>
> >> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> >> ---
> >> drivers/virt/coco/sev-guest/sev-guest.c | 5 ++++-
> >> include/linux/tsm.h | 2 +-
> >> 2 files changed, 5 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> >> index 1ff897913bf4..bba6531cb606 100644
> >> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> >> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> >> @@ -885,7 +885,7 @@ static int sev_report_new(struct tsm_report *report, void *data)
> >> return 0;
> >> }
> >>
> >> -static const struct tsm_ops sev_tsm_ops = {
> >> +static struct tsm_ops sev_tsm_ops = {
> >> .name = KBUILD_MODNAME,
> >> .report_new = sev_report_new,
> >> };
> >> @@ -972,6 +972,9 @@ static int __init sev_guest_probe(struct platform_device *pdev)
> >> snp_dev->input.resp_gpa = __pa(snp_dev->response);
> >> snp_dev->input.data_gpa = __pa(snp_dev->certs_data);
> >>
> >> + /* Set the privlevel_floor attribute based on the current VMPL */
> >> + sev_tsm_ops.privlevel_floor = snp_get_vmpl();
> >
> > Why is this not vmpck_id?
>
> Good catch, this probably should be pulled out separately and submitted
> as a Fixes: against the current support. If you think it's important
> enough, I can do that and put this at the beginning of the series. Or I
> can just modify this to use the vmpck_id value. Any preference?
I dunno, you tell me. What breaks if privlevel_floor is mismatched vs
vmpl and/or vmpck_id? If it warrants a "Fixes:" it should probably be
broken out.
However, I *guess* it is just adding some sanity checking precision to
userspace requests and makes some input validation not catch errors when
userspace tries to generate reports from the wrong level, right? I.e.
privlevel_floor may be lower than expected, but userspace should not be
depending on that since the report generation will fail.