[0/3] clean up interface between KVM and psp

Message ID	20210816202441.4098523-1-mizhang@google.com
Headers	show Return-Path: <linux-crypto-owner@kernel.org> Reply-To: Mingwei Zhang <mizhang@google.com> Date: Mon, 16 Aug 2021 20:24:38 +0000 Message-Id: <20210816202441.4098523-1-mizhang@google.com> Mime-Version: 1.0 Subject: [PATCH 0/3] clean up interface between KVM and psp From: Mingwei Zhang <mizhang@google.com> To: Paolo Bonzini <pbonzini@redhat.com>, Brijesh Singh <brijesh.singh@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>, John Allen <john.allen@amd.com> Cc: Sean Christopherson <seanjc@google.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, Wanpeng Li <wanpengli@tencent.com>, Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Alper Gun <alpergun@google.com>, Borislav Petkov <bp@alien8.de>, David Rienjes <rientjes@google.com>, Marc Orr <marcorr@google.com>, Peter Gonda <pgonda@google.com>, Vipin Sharma <vipinsh@google.com>, Mingwei Zhang <mizhang@google.com> Content-Type: text/plain; charset="UTF-8" Precedence: bulk
Series	clean up interface between KVM and psp \| expand [0/3] clean up interface between KVM and psp [1/3] KVM: SVM: move sev_decommission to psp driver [2/3] KVM: SVM: move sev_bind_asid to psp [3/3] KVM: SVM: move sev_unbind_asid and DF_FLUSH logic into psp

Message ID

20210816202441.4098523-1-mizhang@google.com

Headers

Reply-To: Mingwei Zhang <mizhang@google.com>
Date: Mon, 16 Aug 2021 20:24:38 +0000
Message-Id: <20210816202441.4098523-1-mizhang@google.com>
Mime-Version: 1.0
Subject: [PATCH 0/3] clean up interface between KVM and psp
From: Mingwei Zhang <mizhang@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>, John Allen <john.allen@amd.com>
Cc: Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>, Jim Mattson <jmattson@google.com>,
	Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	Alper Gun <alpergun@google.com>, Borislav Petkov <bp@alien8.de>,
	David Rienjes <rientjes@google.com>,
	Marc Orr <marcorr@google.com>, Peter Gonda <pgonda@google.com>,
	Vipin Sharma <vipinsh@google.com>, Mingwei Zhang <mizhang@google.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

Series

clean up interface between KVM and psp | expand

Message

Mingwei Zhang Aug. 16, 2021, 8:24 p.m. UTC

This patch set is trying to help make the interface between KVM and psp
cleaner and simpler. In particular, the patches do the following
improvements:
 - avoid the requirement of psp data structures for some psp APIs.
 - hide error handling within psp API, eg., using sev_decommission.
 - hide the serialization requirement between DF_FLUSH and DEACTIVATE.

Mingwei Zhang (3):
  KVM: SVM: move sev_decommission to psp driver
  KVM: SVM: move sev_bind_asid to psp
  KVM: SVM: move sev_unbind_asid and DF_FLUSH logic into psp

 arch/x86/kvm/svm/sev.c       | 69 ++++--------------------------------
 drivers/crypto/ccp/sev-dev.c | 57 +++++++++++++++++++++++++++--
 include/linux/psp-sev.h      | 44 ++++++++++++++++++++---
 3 files changed, 102 insertions(+), 68 deletions(-)

--
2.33.0.rc1.237.g0d66db33f3-goog

Comments

Paolo Bonzini Aug. 17, 2021, 8:54 a.m. UTC | #1

On 16/08/21 22:24, Mingwei Zhang wrote:
> This patch set is trying to help make the interface between KVM and psp

> cleaner and simpler. In particular, the patches do the following

> improvements:

>   - avoid the requirement of psp data structures for some psp APIs.

>   - hide error handling within psp API, eg., using sev_decommission.

>   - hide the serialization requirement between DF_FLUSH and DEACTIVATE.

> 

> Mingwei Zhang (3):

>    KVM: SVM: move sev_decommission to psp driver

>    KVM: SVM: move sev_bind_asid to psp

>    KVM: SVM: move sev_unbind_asid and DF_FLUSH logic into psp


No objections apart from the build failure on patch 1.  However, it's up 
to Tom whether they prefer this logic in KVM or the PSP driver.

Paolo

Mingwei Zhang Aug. 17, 2021, 6:08 p.m. UTC | #2

Hi Paolo,

Thanks for the prompt reply. I will update the code and will be
waiting for Tom and other AMD folks' feedback.

Thanks. Regards
-Mingwei

On Tue, Aug 17, 2021 at 1:54 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
>

> On 16/08/21 22:24, Mingwei Zhang wrote:

> > This patch set is trying to help make the interface between KVM and psp

> > cleaner and simpler. In particular, the patches do the following

> > improvements:

> >   - avoid the requirement of psp data structures for some psp APIs.

> >   - hide error handling within psp API, eg., using sev_decommission.

> >   - hide the serialization requirement between DF_FLUSH and DEACTIVATE.

> >

> > Mingwei Zhang (3):

> >    KVM: SVM: move sev_decommission to psp driver

> >    KVM: SVM: move sev_bind_asid to psp

> >    KVM: SVM: move sev_unbind_asid and DF_FLUSH logic into psp

>

> No objections apart from the build failure on patch 1.  However, it's up

> to Tom whether they prefer this logic in KVM or the PSP driver.

>

> Paolo

>

Brijesh Singh Aug. 17, 2021, 7:54 p.m. UTC | #3

On 8/17/21 1:08 PM, Mingwei Zhang wrote:
> Hi Paolo,

> 

> Thanks for the prompt reply. I will update the code and will be

> waiting for Tom and other AMD folks' feedback.

> 

> Thanks. Regards

> -Mingwei

> 

> On Tue, Aug 17, 2021 at 1:54 AM Paolo Bonzini <pbonzini@redhat.com> wrote:

>>

>> On 16/08/21 22:24, Mingwei Zhang wrote:

>>> This patch set is trying to help make the interface between KVM and psp

>>> cleaner and simpler. In particular, the patches do the following

>>> improvements:

>>>    - avoid the requirement of psp data structures for some psp APIs.

>>>    - hide error handling within psp API, eg., using sev_decommission.

>>>    - hide the serialization requirement between DF_FLUSH and DEACTIVATE.

>>>

>>> Mingwei Zhang (3):

>>>     KVM: SVM: move sev_decommission to psp driver

>>>     KVM: SVM: move sev_bind_asid to psp

>>>     KVM: SVM: move sev_unbind_asid and DF_FLUSH logic into psp

>>

>> No objections apart from the build failure on patch 1.  However, it's up

>> to Tom whether they prefer this logic in KVM or the PSP driver.

>>

I have no objection to move those functions in SEV drv.

With build fix

Acked-by: Brijesh Singh <brijesh.singh@amd.com>

Just for the context, SEV API commands are divided in two sets:

1. commands to provision the host (such as PDH_GEN, CSR, CERT_EXPORT, 
CERT_IMPORT ...)
2. commands to manage the guest (such as LAUNCH_START, LAUNCH_UPDATE ...)

I was trying to keep all the guest management commands functions within 
KVM because no other driver needs it. Having said that, we made 
exception for the decommission and activate so we can cleanup the 
firmware resource in non-process context.

thanks

Mingwei Zhang Aug. 18, 2021, 5:34 a.m. UTC | #4

>

> I have no objection to move those functions in SEV drv.

>

> With build fix

>

> Acked-by: Brijesh Singh <brijesh.singh@amd.com>

>

Thanks for the ack. Will fix all build issues in the next version.

> I was trying to keep all the guest management commands functions within

> KVM because no other driver needs it. Having said that, we made

> exception for the decommission and activate so we can cleanup the

> firmware resource in non-process context.

>

Yes, ACTIVATE  / DECOMMISSION is one case that illustrates the need to
care about their internal relationship. And there is another case,
which is the serialization requirement between DF_FLUSH and
DEACTIVATE. This requires KVM to maintain an extra RWSEM. So I feel
that it would be good to hide these details away from KVM even if KVM
is the only user.

Thanks.
-Mingwei