Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Fri, 10 Feb 2023 20:03:51 +0100
Cc: "Michael Kelley (LINUX)" <mikelley@xxxxxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxx>, "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, KY Srinivasan <kys@xxxxxxxxxxxxx>, Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>, "wei.liu@xxxxxxxxxx" <wei.liu@xxxxxxxxxx>, Dexuan Cui <decui@xxxxxxxxxxxxx>, "luto@xxxxxxxxxx" <luto@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "davem@xxxxxxxxxxxxx" <davem@xxxxxxxxxxxxx>, "edumazet@xxxxxxxxxx" <edumazet@xxxxxxxxxx>, "kuba@xxxxxxxxxx" <kuba@xxxxxxxxxx>, "pabeni@xxxxxxxxxx" <pabeni@xxxxxxxxxx>, "lpieralisi@xxxxxxxxxx" <lpieralisi@xxxxxxxxxx>, "robh@xxxxxxxxxx" <robh@xxxxxxxxxx>, "kw@xxxxxxxxx" <kw@xxxxxxxxx>, "bhelgaas@xxxxxxxxxx" <bhelgaas@xxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "hch@xxxxxx" <hch@xxxxxx>, "m.szyprowski@xxxxxxxxxxx" <m.szyprowski@xxxxxxxxxxx>, "robin.murphy@xxxxxxx" <robin.murphy@xxxxxxx>, "thomas.lendacky@xxxxxxx" <thomas.lendacky@xxxxxxx>, "brijesh.singh@xxxxxxx" <brijesh.singh@xxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx" <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, "ak@xxxxxxxxxxxxxxx" <ak@xxxxxxxxxxxxxxx>, "isaku.yamahata@xxxxxxxxx" <isaku.yamahata@xxxxxxxxx>, "dan.j.williams@xxxxxxxxx" <dan.j.williams@xxxxxxxxx>, "jane.chu@xxxxxxxxxx" <jane.chu@xxxxxxxxxx>, "tony.luck@xxxxxxxxx" <tony.luck@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-hyperv@xxxxxxxxxxxxxxx" <linux-hyperv@xxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "linux-pci@xxxxxxxxxxxxxxx" <linux-pci@xxxxxxxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "iommu@xxxxxxxxxxxxxxx" <iommu@xxxxxxxxxxxxxxx>
In-reply-to: <Y+aP8rHr6H3LIf/c@google.com>
References: <1673559753-94403-1-git-send-email-mikelley@microsoft.com> <1673559753-94403-7-git-send-email-mikelley@microsoft.com> <Y8r2TjW/R3jymmqT@zn.tnic> <BYAPR21MB168897DBA98E91B72B4087E1D7CA9@BYAPR21MB1688.namprd21.prod.outlook.com> <Y9FC7Dpzr5Uge/Mi@zn.tnic> <BYAPR21MB16883BB6178DDEEA10FD1F1CD7D69@BYAPR21MB1688.namprd21.prod.outlook.com> <Y+JG9+zdSwZlz6FU@zn.tnic> <4216dea6-d899-aecb-2207-caa2ae7db0e3@intel.com> <BYAPR21MB16886D92828BA2CA8D47FEA4D7D99@BYAPR21MB1688.namprd21.prod.outlook.com> <Y+aP8rHr6H3LIf/c@google.com>

On Fri, Feb 10, 2023 at 06:41:54PM +0000, Sean Christopherson wrote:
> Anyways, tying things back to the actual code being discussed, I vote against
> CC_ATTR_PARAVISOR.  Being able to trust device emulation is not unique to a
> paravisor.  A single flag also makes too many assumptions about what is trusted
> and thus should be accessed encrypted.

I'm not crazy about the alternative either: one flag per access type:
IO APIC, vTPM, and soon.

Soon this will become an unmaintainable zoo of different guest types
people want the kernel to support. I don't think I want that madness in
kernel proper.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Follow-Ups:
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)

References:
- [PATCH v5 00/14] Add PCI pass-thru support to Hyper-V Confidential VMs
  - From: Michael Kelley
- [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Borislav Petkov
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Dave Hansen
- RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Michael Kelley (LINUX)
- Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
  - From: Sean Christopherson

Prev by Date: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Next by Date: RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Previous by thread: Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Next by thread: RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
Index(es):
- Date
- Thread

[Index of Archives] [DMA Engine] [Linux Coverity] [Linux USB] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI] [Greybus]