Re: [PATCH iommufd 1/9] irq: Add msi_device_has_secure_msi()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 08 Dec 2022 20:26:28 +0000,
Jason Gunthorpe <jgg@xxxxxxxxxx> wrote:
> 
> This will replace irq_domain_check_msi_remap() in following patches.
> 
> The new API makes it more clear what "msi_remap" actually means from a
> functional perspective instead of identifying an implementation specific
> HW feature.
> 
> Secure MSI means that an irq_domain on the path from the initiating device

irq_domain is a SW construct, and you are trying to validate something
that is HW property.

"Secure" is also a terribly overloaded term that means very different
things in non-x86 circles. When I read this, I see an ARM system with
a device generating an MSI with the "secure" bit set as part of the
transaction and identifying the memory access as being part of the
"secure" domain.

But that's not what you mean at all.

> to the CPU will validate that the MSI message specifies an interrupt
> number that the initiating device is authorized to trigger. Secure MSI
> must block devices from triggering interrupts they are not authorized to
> trigger. Currently authorization means the MSI vector is one assigned to
> the device.

What you are describing here is a *device isolation* property, and I'd
rather we stay away from calling that "secure". If anything, I'd
rather call everything else "broken".

	M.

-- 
Without deviation from the norm, progress is not possible.



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux