On Thu, 08 Dec 2022 20:26:28 +0000, Jason Gunthorpe <jgg@xxxxxxxxxx> wrote: > > This will replace irq_domain_check_msi_remap() in following patches. > > The new API makes it more clear what "msi_remap" actually means from a > functional perspective instead of identifying an implementation specific > HW feature. > > Secure MSI means that an irq_domain on the path from the initiating device irq_domain is a SW construct, and you are trying to validate something that is HW property. "Secure" is also a terribly overloaded term that means very different things in non-x86 circles. When I read this, I see an ARM system with a device generating an MSI with the "secure" bit set as part of the transaction and identifying the memory access as being part of the "secure" domain. But that's not what you mean at all. > to the CPU will validate that the MSI message specifies an interrupt > number that the initiating device is authorized to trigger. Secure MSI > must block devices from triggering interrupts they are not authorized to > trigger. Currently authorization means the MSI vector is one assigned to > the device. What you are describing here is a *device isolation* property, and I'd rather we stay away from calling that "secure". If anything, I'd rather call everything else "broken". M. -- Without deviation from the norm, progress is not possible.
