From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 922F1C4332F for ; Thu, 3 Nov 2022 15:26:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231404AbiKCP0a (ORCPT ); Thu, 3 Nov 2022 11:26:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231685AbiKCP0U (ORCPT ); Thu, 3 Nov 2022 11:26:20 -0400 Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF0C922C for ; Thu, 3 Nov 2022 08:26:19 -0700 (PDT) Received: by mail-lf1-x136.google.com with SMTP id g12so3429517lfh.3 for ; Thu, 03 Nov 2022 08:26:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4BY5DlnsfoABFbnnT81rilsRCXBmtf9PtWjig5RggbE=; b=M7nGiTqL926h/Ktu8OtWtVTXpJKPnauTw61CX04DN3Hk7Ss0Bp551cMO6RkDoo7rt+ 6TibphBd25K77+q3h9/8C4NaZqLoFDqXDeyE3XRSuETE7/4M/xYWAyH6/5Kd74v+612U n9c3idSlWQfLSY50tVaYomcS7oJBX7oKle0U9unBSu8CpameiDJ90mEwqJ39msySonyu TpO/id/OpTwSXVCsVG8ZJHrwDLY8PGvNMQEN85MIhxDkHfNJ72CkVzmJnNk/4KZgRmmq ooinN6rKLj4Bxf0naw8AqmDU0Bs3TwvfeqBr2ILPQApin5V2oTjjSYhHUiW3Co8fF7+v TQ8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4BY5DlnsfoABFbnnT81rilsRCXBmtf9PtWjig5RggbE=; b=S7COo2H9EYQ3u+4BwKvOxDx2S2P4rIuVckfO3Xlo4nz4KMwBP7iFl9iuHNPqvvIe+s mqnj1E+O2gAgLCEvvcCOS8v/JBe4Ls6zesz95qe1peam5/ZDfz7rKxULqKhRAaF52YTo GoTcjeVsqf8MnGjuN5Uvl5nMXROmkDDC0NGFzc+F3FPcTBJzjD2m+Q5puMBg1d0KHFRF JV84RYsTLTyJvRxci/8otjejKoQ4k++6Jf50H0kEHRPdBoAIA8DvNwfcLWDbBiJSU5k5 mKTBsnijKT9SXI60WqPMVPwooM+OtEp1tqnsBegFxi8ReIIzjGt8UK1YM8Tcw/e9rDOu t9zA== X-Gm-Message-State: ACrzQf0WQ6wL7IFmps6OK43Ul1ES5nd4CHtyAX71FlT3f2bfqLQGhhLy beZs7RO685ghPdn5ofOd3weztU1JpXnXN0BWRaY97Q== X-Google-Smtp-Source: AMsMyM5OO+W/JZcPKaiMpUFr3K8yO1nPpxMY9y/oXY5m224klhfDtpBTBRLZTnBBDjg+6zFjYOo/5Vz57ZC4ptlFeQg= X-Received: by 2002:a05:6512:138d:b0:4ae:5116:8ddb with SMTP id p13-20020a056512138d00b004ae51168ddbmr12581568lfa.558.1667489178099; Thu, 03 Nov 2022 08:26:18 -0700 (PDT) MIME-Version: 1.0 References: <20221102151836.1310509-1-dionnaglaze@google.com> In-Reply-To: <20221102151836.1310509-1-dionnaglaze@google.com> From: Peter Gonda Date: Thu, 3 Nov 2022 09:26:06 -0600 Message-ID: Subject: Re: [PATCH v5 0/4] Add throttling detection to sev-guest To: Dionna Glaze Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Tom Lendacky , Paolo Bonzini , Joerg Roedel , Thomas Gleixner , Dave Hansen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 2, 2022 at 9:18 AM Dionna Glaze wrote: > > The guest request synchronous API from SEV-SNP VMs to the host's security > processor consumes a global resource. For this reason, AMD's docs > recommend that the host implements a throttling mechanism. In order for > the guest to know it's been throttled and should try its request again, > we need some good-faith communication from the host that the request > has been throttled. > > These patches work with the existing /dev/sev-guest ABI to detect a > throttling code. > > Changes from v4: > * Clarified comment on SEV_RET_NO_FW_CALL > * Changed ratelimit loop to use sleep_timeout_interruptible > Changes from v3: > * sev-guest ratelimits itself to one request twice a second. > * Fixed a type signature to use u64 instead of unsigned int > * Set *exitinfo2 unconditionally after the ghcb_hv_call. > Changes from v2: > * Codified the non-firmware-call firmware error code as (u32)-1. > * Changed sev_issue_guest_request unsigned long *fw_err argument to > u64 *exitinfo2 to more accurately and type-safely describe the > value that it outputs. > * Changed sev_issue_guest_request to always set its exitinfo2 > argument to either the non-firmware-call error code, the > EXIT_INFO_2 returned from the VMM if the request failed, or 0 on > success. This fixes a bug that returned uninitialized kernel stack > memory to the user when there is no error. > * Changed the throttle behavior to retry in the driver instead of > returning -EAGAIN, due to possible message sequence number reuse > on different message contents. > > Changes from v1: > * Changed throttle error code to 2 > > Cc: Tom Lendacky > Cc: Paolo Bonzini > Cc: Joerg Roedel > Cc: Peter Gonda > Cc: Thomas Gleixner > Cc: Dave Hansen > > Signed-off-by: Dionna Glaze Should this change be rebased on top of the 'virt: sev: Prevent IV reuse in SNP guest driver'? https://lore.kernel.org/lkml/20221103152318.88354-1-pgonda@google.com/ Since that change is a security fix?