Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver

From: Kai Huang <kai.huang@intel.com>
To: Isaku Yamahata <isaku.yamahata@gmail.com>,
	Sathyanarayanan Kuppuswamy 
	<sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, Hans de Goede <hdegoede@redhat.com>,
	Mark Gross <mgross@linux.intel.com>,
	"H . Peter Anvin" <hpa@zytor.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
	linux-kernel@vger.kernel.org,
	platform-driver-x86@vger.kernel.org
Subject: Re: [PATCH v3 4/4] platform/x86: intel_tdx_attest: Add TDX Guest attestation interface driver
Date: Thu, 21 Apr 2022 22:33:09 +1200	[thread overview]
Message-ID: <48356d733067781b527fc0294317be27098f502d.camel@intel.com> (raw)
In-Reply-To: <20220421065707.GA1423762@private.email.ne.jp>

On Wed, 2022-04-20 at 23:57 -0700, Isaku Yamahata wrote:
> On Wed, Apr 20, 2022 at 07:42:06PM -0700,
> Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> wrote:
> 
> > 
> > 
> > On 4/20/22 5:11 PM, Kai Huang wrote:
> > > On Wed, 2022-04-20 at 16:45 -0700, Sathyanarayanan Kuppuswamy wrote:
> > > > If we want to support multiple GetQuote requests in parallel, then we
> > > > need some way to uniquely identify the GetQuote requests. So that when
> > > > we get completion notification, we can understand which request is
> > > > completed. This part is not mentioned/discussed in ABI spec. So we want
> > > > to serialize the requests for now.
> > > > 
> > > 
> > > Yes it's unfortunate that this part (whether concurrent GetQuote requests are
> > > supported by TDX architecture) is not explicitly mentioned in GHCI spec.  I am
> > > fine with only supporting GetQuote requests one by one.  AFAICT there's no
> > > request to support concurrent GetQuote requests anyway.  What concerns me is
> > > exactly how explain this.
> > > 
> > > As I said, we have GET_QUOTE_IN_FLIGHT flag now.  Theoretically, you can queue
> > > multiple GetQuote requests, and when you receive the interrupt, you check which
> > > buffer has GET_QUOTE_IN_FLIGHT cleared.  That buffer is the one with Quote
> > > ready.  However I am not 100% sure whether above will always work.  Interrupt
> > > can get lost when there are multiple Quotes ready in multiple buffer in very
> > > short time period, etc?  Perhaps Isaku can provide more input here.
> > 
> > Either supported or not, it should be mentioned in the GHCI spec. Currently,
> > there are no details related to it. If it is supported, the specification
> > should include the protocol to use.
> > 
> > I will check with Isaku about it.
> 
> The spec says that TD can call multiple GetQuote requests in parallel.
> 
>   TDG.VP.VMCALL<GetQuote> API allows one TD to issue multiple requests. It's
>   implementation specific that how many concurrent requests are allowed. The TD
>   should be able to handle TDG.VP.VMCALL_RETRY if it chooses to issue multiple
>   requests simultaneously
> 
> As Kai said, there is no requirement for multiple GetQuote in parallel, it's
> okay to support only single request at the same time.
> 
> While the status is GET_QUOTE_IN_FLIGHT, VMM owns the shared GPA.  The
> attestation driver should wait for GET_QUOTE_IN_FLIGHT to be cleared before
> sending next request.

Sorry I missed this in the spec.  Then as I mentioned above, TD should check
which buffer has GET_QUOTE_IN_FLIGHT bit cleared to determine which GetQuote
request is done?  I guess this is the only way.

Anyway, supporting single request only is fine to me.  Just needs some
explanation in comments or commit message.

-- 
Thanks,
-Kai