SEV-SNP: Add KVM support for attestation and KVM_EXIT_COCO

[PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header

Posted by Michael Roth 1 year, 2 months ago

sev_guest.h currently contains various definitions relating to the
format of SNP_GUEST_REQUEST commands to SNP firmware. Currently only the
sev-guest driver makes use of them, but when the KVM side of this is
implemented there's a need to parse the SNP_GUEST_REQUEST header to
determine whether additional information needs to be provided to the
guest. Prepare for this by moving those definitions to a common header
that's shared by host/guest code so that KVM can also make use of them.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 arch/x86/include/asm/sev.h              | 48 +++++++++++++++++++
 drivers/virt/coco/sev-guest/sev-guest.c |  2 -
 drivers/virt/coco/sev-guest/sev-guest.h | 63 -------------------------
 3 files changed, 48 insertions(+), 65 deletions(-)
 delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 1936f37e3371..72f9ba3a2fee 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -119,6 +119,54 @@ struct snp_req_data {
 	unsigned int data_npages;
 };
 
+#define MAX_AUTHTAG_LEN		32
+
+/* See SNP spec SNP_GUEST_REQUEST section for the structure */
+enum msg_type {
+	SNP_MSG_TYPE_INVALID = 0,
+	SNP_MSG_CPUID_REQ,
+	SNP_MSG_CPUID_RSP,
+	SNP_MSG_KEY_REQ,
+	SNP_MSG_KEY_RSP,
+	SNP_MSG_REPORT_REQ,
+	SNP_MSG_REPORT_RSP,
+	SNP_MSG_EXPORT_REQ,
+	SNP_MSG_EXPORT_RSP,
+	SNP_MSG_IMPORT_REQ,
+	SNP_MSG_IMPORT_RSP,
+	SNP_MSG_ABSORB_REQ,
+	SNP_MSG_ABSORB_RSP,
+	SNP_MSG_VMRK_REQ,
+	SNP_MSG_VMRK_RSP,
+
+	SNP_MSG_TYPE_MAX
+};
+
+enum aead_algo {
+	SNP_AEAD_INVALID,
+	SNP_AEAD_AES_256_GCM,
+};
+
+struct snp_guest_msg_hdr {
+	u8 authtag[MAX_AUTHTAG_LEN];
+	u64 msg_seqno;
+	u8 rsvd1[8];
+	u8 algo;
+	u8 hdr_version;
+	u16 hdr_sz;
+	u8 msg_type;
+	u8 msg_version;
+	u16 msg_sz;
+	u32 rsvd2;
+	u8 msg_vmpck;
+	u8 rsvd3[35];
+} __packed;
+
+struct snp_guest_msg {
+	struct snp_guest_msg_hdr hdr;
+	u8 payload[4000];
+} __packed;
+
 struct sev_guest_platform_data {
 	u64 secrets_gpa;
 };
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 654290a8e1ba..f0ea26f18cbf 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -29,8 +29,6 @@
 #include <asm/svm.h>
 #include <asm/sev.h>
 
-#include "sev-guest.h"
-
 #define DEVICE_NAME	"sev-guest"
 #define AAD_LEN		48
 #define MSG_HDR_VER	1
diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
deleted file mode 100644
index 21bda26fdb95..000000000000
--- a/drivers/virt/coco/sev-guest/sev-guest.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/*
- * Copyright (C) 2021 Advanced Micro Devices, Inc.
- *
- * Author: Brijesh Singh <brijesh.singh@amd.com>
- *
- * SEV-SNP API spec is available at https://developer.amd.com/sev
- */
-
-#ifndef __VIRT_SEVGUEST_H__
-#define __VIRT_SEVGUEST_H__
-
-#include <linux/types.h>
-
-#define MAX_AUTHTAG_LEN		32
-
-/* See SNP spec SNP_GUEST_REQUEST section for the structure */
-enum msg_type {
-	SNP_MSG_TYPE_INVALID = 0,
-	SNP_MSG_CPUID_REQ,
-	SNP_MSG_CPUID_RSP,
-	SNP_MSG_KEY_REQ,
-	SNP_MSG_KEY_RSP,
-	SNP_MSG_REPORT_REQ,
-	SNP_MSG_REPORT_RSP,
-	SNP_MSG_EXPORT_REQ,
-	SNP_MSG_EXPORT_RSP,
-	SNP_MSG_IMPORT_REQ,
-	SNP_MSG_IMPORT_RSP,
-	SNP_MSG_ABSORB_REQ,
-	SNP_MSG_ABSORB_RSP,
-	SNP_MSG_VMRK_REQ,
-	SNP_MSG_VMRK_RSP,
-
-	SNP_MSG_TYPE_MAX
-};
-
-enum aead_algo {
-	SNP_AEAD_INVALID,
-	SNP_AEAD_AES_256_GCM,
-};
-
-struct snp_guest_msg_hdr {
-	u8 authtag[MAX_AUTHTAG_LEN];
-	u64 msg_seqno;
-	u8 rsvd1[8];
-	u8 algo;
-	u8 hdr_version;
-	u16 hdr_sz;
-	u8 msg_type;
-	u8 msg_version;
-	u16 msg_sz;
-	u32 rsvd2;
-	u8 msg_vmpck;
-	u8 rsvd3[35];
-} __packed;
-
-struct snp_guest_msg {
-	struct snp_guest_msg_hdr hdr;
-	u8 payload[4000];
-} __packed;
-
-#endif /* __VIRT_SEVGUEST_H__ */
-- 
2.25.1

Re: [PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header

Posted by Tom Lendacky 1 year, 2 months ago


On 6/21/24 08:40, Michael Roth wrote:
> sev_guest.h currently contains various definitions relating to the
> format of SNP_GUEST_REQUEST commands to SNP firmware. Currently only the
> sev-guest driver makes use of them, but when the KVM side of this is
> implemented there's a need to parse the SNP_GUEST_REQUEST header to
> determine whether additional information needs to be provided to the
> guest. Prepare for this by moving those definitions to a common header
> that's shared by host/guest code so that KVM can also make use of them.
> 
> Signed-off-by: Michael Roth <michael.roth@amd.com>

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

Nikunj does something similar in his Secure TSC patches. So depending on
which series goes in first...

Thanks,
Tom

> ---
>  arch/x86/include/asm/sev.h              | 48 +++++++++++++++++++
>  drivers/virt/coco/sev-guest/sev-guest.c |  2 -
>  drivers/virt/coco/sev-guest/sev-guest.h | 63 -------------------------
>  3 files changed, 48 insertions(+), 65 deletions(-)
>  delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
> 
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 1936f37e3371..72f9ba3a2fee 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -119,6 +119,54 @@ struct snp_req_data {
>  	unsigned int data_npages;
>  };
>  
> +#define MAX_AUTHTAG_LEN		32
> +
> +/* See SNP spec SNP_GUEST_REQUEST section for the structure */
> +enum msg_type {
> +	SNP_MSG_TYPE_INVALID = 0,
> +	SNP_MSG_CPUID_REQ,
> +	SNP_MSG_CPUID_RSP,
> +	SNP_MSG_KEY_REQ,
> +	SNP_MSG_KEY_RSP,
> +	SNP_MSG_REPORT_REQ,
> +	SNP_MSG_REPORT_RSP,
> +	SNP_MSG_EXPORT_REQ,
> +	SNP_MSG_EXPORT_RSP,
> +	SNP_MSG_IMPORT_REQ,
> +	SNP_MSG_IMPORT_RSP,
> +	SNP_MSG_ABSORB_REQ,
> +	SNP_MSG_ABSORB_RSP,
> +	SNP_MSG_VMRK_REQ,
> +	SNP_MSG_VMRK_RSP,
> +
> +	SNP_MSG_TYPE_MAX
> +};
> +
> +enum aead_algo {
> +	SNP_AEAD_INVALID,
> +	SNP_AEAD_AES_256_GCM,
> +};
> +
> +struct snp_guest_msg_hdr {
> +	u8 authtag[MAX_AUTHTAG_LEN];
> +	u64 msg_seqno;
> +	u8 rsvd1[8];
> +	u8 algo;
> +	u8 hdr_version;
> +	u16 hdr_sz;
> +	u8 msg_type;
> +	u8 msg_version;
> +	u16 msg_sz;
> +	u32 rsvd2;
> +	u8 msg_vmpck;
> +	u8 rsvd3[35];
> +} __packed;
> +
> +struct snp_guest_msg {
> +	struct snp_guest_msg_hdr hdr;
> +	u8 payload[4000];
> +} __packed;
> +
>  struct sev_guest_platform_data {
>  	u64 secrets_gpa;
>  };
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> index 654290a8e1ba..f0ea26f18cbf 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> @@ -29,8 +29,6 @@
>  #include <asm/svm.h>
>  #include <asm/sev.h>
>  
> -#include "sev-guest.h"
> -
>  #define DEVICE_NAME	"sev-guest"
>  #define AAD_LEN		48
>  #define MSG_HDR_VER	1
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
> deleted file mode 100644
> index 21bda26fdb95..000000000000
> --- a/drivers/virt/coco/sev-guest/sev-guest.h
> +++ /dev/null
> @@ -1,63 +0,0 @@
> -/* SPDX-License-Identifier: GPL-2.0-only */
> -/*
> - * Copyright (C) 2021 Advanced Micro Devices, Inc.
> - *
> - * Author: Brijesh Singh <brijesh.singh@amd.com>
> - *
> - * SEV-SNP API spec is available at https://developer.amd.com/sev
> - */
> -
> -#ifndef __VIRT_SEVGUEST_H__
> -#define __VIRT_SEVGUEST_H__
> -
> -#include <linux/types.h>
> -
> -#define MAX_AUTHTAG_LEN		32
> -
> -/* See SNP spec SNP_GUEST_REQUEST section for the structure */
> -enum msg_type {
> -	SNP_MSG_TYPE_INVALID = 0,
> -	SNP_MSG_CPUID_REQ,
> -	SNP_MSG_CPUID_RSP,
> -	SNP_MSG_KEY_REQ,
> -	SNP_MSG_KEY_RSP,
> -	SNP_MSG_REPORT_REQ,
> -	SNP_MSG_REPORT_RSP,
> -	SNP_MSG_EXPORT_REQ,
> -	SNP_MSG_EXPORT_RSP,
> -	SNP_MSG_IMPORT_REQ,
> -	SNP_MSG_IMPORT_RSP,
> -	SNP_MSG_ABSORB_REQ,
> -	SNP_MSG_ABSORB_RSP,
> -	SNP_MSG_VMRK_REQ,
> -	SNP_MSG_VMRK_RSP,
> -
> -	SNP_MSG_TYPE_MAX
> -};
> -
> -enum aead_algo {
> -	SNP_AEAD_INVALID,
> -	SNP_AEAD_AES_256_GCM,
> -};
> -
> -struct snp_guest_msg_hdr {
> -	u8 authtag[MAX_AUTHTAG_LEN];
> -	u64 msg_seqno;
> -	u8 rsvd1[8];
> -	u8 algo;
> -	u8 hdr_version;
> -	u16 hdr_sz;
> -	u8 msg_type;
> -	u8 msg_version;
> -	u16 msg_sz;
> -	u32 rsvd2;
> -	u8 msg_vmpck;
> -	u8 rsvd3[35];
> -} __packed;
> -
> -struct snp_guest_msg {
> -	struct snp_guest_msg_hdr hdr;
> -	u8 payload[4000];
> -} __packed;
> -
> -#endif /* __VIRT_SEVGUEST_H__ */

Re: [PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header

Posted by Liam Merwick 1 year, 2 months ago

On 21/06/2024 14:40, Michael Roth wrote:
> sev_guest.h currently contains various definitions relating to the
> format of SNP_GUEST_REQUEST commands to SNP firmware. Currently only the
> sev-guest driver makes use of them, but when the KVM side of this is
> implemented there's a need to parse the SNP_GUEST_REQUEST header to
> determine whether additional information needs to be provided to the
> guest. Prepare for this by moving those definitions to a common header
> that's shared by host/guest code so that KVM can also make use of them.
> 
> Signed-off-by: Michael Roth <michael.roth@amd.com>

Reviewed-by: Liam Merwick <liam.merwick@oracle.com>


> ---
>   arch/x86/include/asm/sev.h              | 48 +++++++++++++++++++
>   drivers/virt/coco/sev-guest/sev-guest.c |  2 -
>   drivers/virt/coco/sev-guest/sev-guest.h | 63 -------------------------
>   3 files changed, 48 insertions(+), 65 deletions(-)
>   delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
>

[PATCH v1 1/5] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
[PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header
[PATCH v1 3/5] KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
[PATCH v1 4/5] KVM: Introduce KVM_EXIT_COCO exit type
[PATCH v1 5/5] KVM: SEV: Add certificate support for SNP_EXTENDED_GUEST_REQUEST events