RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
From: "Michael Kelley (LINUX)" <mikelley@xxxxxxxxxxxxx>
Date: Tue, 7 Feb 2023 19:48:06 +0000
Cc: "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, KY Srinivasan <kys@xxxxxxxxxxxxx>, Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>, "wei.liu@xxxxxxxxxx" <wei.liu@xxxxxxxxxx>, Dexuan Cui <decui@xxxxxxxxxxxxx>, "luto@xxxxxxxxxx" <luto@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "davem@xxxxxxxxxxxxx" <davem@xxxxxxxxxxxxx>, "edumazet@xxxxxxxxxx" <edumazet@xxxxxxxxxx>, "kuba@xxxxxxxxxx" <kuba@xxxxxxxxxx>, "pabeni@xxxxxxxxxx" <pabeni@xxxxxxxxxx>, "lpieralisi@xxxxxxxxxx" <lpieralisi@xxxxxxxxxx>, "robh@xxxxxxxxxx" <robh@xxxxxxxxxx>, "kw@xxxxxxxxx" <kw@xxxxxxxxx>, "bhelgaas@xxxxxxxxxx" <bhelgaas@xxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "hch@xxxxxx" <hch@xxxxxx>, "m.szyprowski@xxxxxxxxxxx" <m.szyprowski@xxxxxxxxxxx>, "robin.murphy@xxxxxxx" <robin.murphy@xxxxxxx>, "thomas.lendacky@xxxxxxx" <thomas.lendacky@xxxxxxx>, "brijesh.singh@xxxxxxx" <brijesh.singh@xxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx" <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, "ak@xxxxxxxxxxxxxxx" <ak@xxxxxxxxxxxxxxx>, "isaku.yamahata@xxxxxxxxx" <isaku.yamahata@xxxxxxxxx>, "dan.j.williams@xxxxxxxxx" <dan.j.williams@xxxxxxxxx>, "jane.chu@xxxxxxxxxx" <jane.chu@xxxxxxxxxx>, "seanjc@xxxxxxxxxx" <seanjc@xxxxxxxxxx>, "tony.luck@xxxxxxxxx" <tony.luck@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-hyperv@xxxxxxxxxxxxxxx" <linux-hyperv@xxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "linux-pci@xxxxxxxxxxxxxxx" <linux-pci@xxxxxxxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "iommu@xxxxxxxxxxxxxxx" <iommu@xxxxxxxxxxxxxxx>
In-reply-to: <Y+KndbrS1/1i0IFd@zn.tnic>
Msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=28683558-a762-444d-ade7-bb3e7b108450;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2023-02-07T19:41:48Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
References: <1673559753-94403-1-git-send-email-mikelley@microsoft.com> <1673559753-94403-7-git-send-email-mikelley@microsoft.com> <Y8r2TjW/R3jymmqT@zn.tnic> <BYAPR21MB168897DBA98E91B72B4087E1D7CA9@BYAPR21MB1688.namprd21.prod.outlook.com> <Y9FC7Dpzr5Uge/Mi@zn.tnic> <BYAPR21MB16883BB6178DDEEA10FD1F1CD7D69@BYAPR21MB1688.namprd21.prod.outlook.com> <Y+JG9+zdSwZlz6FU@zn.tnic> <BYAPR21MB1688A80B91CC4957D938191ED7DB9@BYAPR21MB1688.namprd21.prod.outlook.com> <Y+KndbrS1/1i0IFd@zn.tnic>

From: Borislav Petkov <bp@xxxxxxxxx> Sent: Tuesday, February 7, 2023 11:33 AM
> 
> On Tue, Feb 07, 2023 at 07:01:25PM +0000, Michael Kelley (LINUX) wrote:
> > Unless there are objections, I'll go with CC_ATTR_PARAVISOR_DEVICES,
> 
> What does "DEVICES" mean in this context?
> 
> You need to think about !virt people too who are already confused by the
> word "paravisor". :-)
> 

Maybe I misunderstood your previous comment about "Either 1".   We can
avoid "PARAVISOR" entirely by going with two attributes:

CC_ATTR_ACCESS_IOAPIC_ENCRYPTED
CC_ATTR_ACCESS_TPM_ENCRYPTED

These are much more specific, and relatively short, and having two allows
decoupling the handling of the IO-APIC and TPM.  Combining into the single

CC_ATTR_ACCESS_IOAPIC_AND_TPM_ENCRYPTED

also works but is longer.

Capturing the full meaning in the string names is probably impossible.
Referring to the comment for the definition will be required for a full
understanding.

Michael

Follow-Ups:
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov

References:
- [PATCH v5 00/14] Add PCI pass-thru support to Hyper-V Confidential VMs
  - From: Michael Kelley
- [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov

Prev by Date: PCIe RC\EP virtio rdma solution discussion.
Next by Date: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Previous by thread: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Next by thread: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Index(es):
- Date
- Thread

[Index of Archives] [DMA Engine] [Linux Coverity] [Linux USB] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI] [Greybus]