Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4718447ybi;
        Mon, 15 Jul 2019 13:37:11 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYstOcVWIX73AXRMQPuOXhsKhK4Hltw5qtwkSduUel/5f2t/Ja9mIitqgO7IOJJVCrlj4L
X-Received: by 2002:a63:dd17:: with SMTP id t23mr2299906pgg.295.1563223031131;
        Mon, 15 Jul 2019 13:37:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1563223031; cv=none;
        d=google.com; s=arc-20160816;
        b=ouTcUUlqrHu7Ynlsj3MsW7Uj2U7JSjcxi9CCQZFd8TRvO3wy0mjiiURyeW50OQM/57
         ldflCT/r/ig7DhMw5gP+mxmbkWYefaUmSDQtDi35+mrbIsPvWP+E3f2qk3vZTHkDSUAF
         fqPhwzKCjGmFgIjVEEJqpZyXyAlbb6YJ5QPTh9UWGrJ34vDublNQ4BPKwRC2KgzjoW4o
         91B/zKNyRbMFYr37wbrMK8gxkrXFAzGiDiUChtAjCQXfzD+7ijIjoiAJWSvWbKl6oHbw
         Y3m6xEFgMZdODjGg5M535FwwIowV+lePks1L22Ek04f+5XEr1MezZkxLQWMMRx91Xxdo
         Zj3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=eZzdn1cbX6UiHLEakPA80Cyf19spU/8gOrEL62kxF/w=;
        b=wm9Ja5e4K1N77NI2zdliN8ld2JSVsJtVCLHaTwNCk8mJj1oh1QbDm/SpiX1hfSg8lL
         UapLXf0PTBWPQU+zrTbnei+rjX/R6gpcxPDcTraLzaqPUaPtSIQSK8Itxz5W5NFHrlTL
         ffvlmsDAeobgys3wYL0stJJgxxhLZhcyfa7G6qYS3X0eUdauYIOb1cik3sv9eQx1ySY9
         KuDCtMcfSUK5PwWJSB+iscZ3sxBCsoTFsEmiGNWPZ20GnVqanZxHcO1xsTMd7N0gIYp/
         WfHYVxaWG+NCS3224P9/NcTdV5CY4lmE0IZRkoOpzR624Yzx0zW0mJrU69oXdijZHMas
         DIqQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z20si17139773pfa.282.2019.07.15.13.36.53;
        Mon, 15 Jul 2019 13:37:11 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731596AbfGOUgZ (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 15 Jul 2019 16:36:25 -0400
Received: from mx1.redhat.com ([209.132.183.28]:36816 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729505AbfGOUgZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Jul 2019 16:36:25 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 9E07D308FEC0;
        Mon, 15 Jul 2019 20:36:24 +0000 (UTC)
Received: from redhat.com (ovpn-125-108.rdu2.redhat.com [10.10.125.108])
        by smtp.corp.redhat.com (Postfix) with SMTP id 26AFF608CA;
        Mon, 15 Jul 2019 20:36:17 +0000 (UTC)
Date:   Mon, 15 Jul 2019 16:36:11 -0400
From:   "Michael S. Tsirkin" <mst@redhat.com>
To:     Thiago Jung Bauermann <bauerman@linux.ibm.com>
Cc:     virtualization@lists.linux-foundation.org,
        linuxppc-dev@lists.ozlabs.org, iommu@lists.linux-foundation.org,
        linux-kernel@vger.kernel.org, Jason Wang <jasowang@redhat.com>,
        Christoph Hellwig <hch@lst.de>,
        David Gibson <david@gibson.dropbear.id.au>,
        Alexey Kardashevskiy <aik@linux.ibm.com>,
        Paul Mackerras <paulus@ozlabs.org>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Ram Pai <linuxram@us.ibm.com>,
        Jean-Philippe Brucker <jean-philippe.brucker@arm.com>,
        Michael Roth <mdroth@linux.vnet.ibm.com>,
        Mike Anderson <andmike@linux.ibm.com>
Subject: Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted
Message-ID: <20190715163453-mutt-send-email-mst@kernel.org>
References: <20190323165456-mutt-send-email-mst@kernel.org>
 <87a7go71hz.fsf@morokweng.localdomain>
 <20190520090939-mutt-send-email-mst@kernel.org>
 <877ea26tk8.fsf@morokweng.localdomain>
 <20190603211528-mutt-send-email-mst@kernel.org>
 <877e96qxm7.fsf@morokweng.localdomain>
 <20190701092212-mutt-send-email-mst@kernel.org>
 <87d0id9nah.fsf@morokweng.localdomain>
 <20190715103411-mutt-send-email-mst@kernel.org>
 <874l3nnist.fsf@morokweng.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <874l3nnist.fsf@morokweng.localdomain>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 15 Jul 2019 20:36:24 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote:
> 
> Michael S. Tsirkin <mst@redhat.com> writes:
> 
> > On Sun, Jul 14, 2019 at 02:51:18AM -0300, Thiago Jung Bauermann wrote:
> >>
> >>
> >> Michael S. Tsirkin <mst@redhat.com> writes:
> >>
> >> > So this is what I would call this option:
> >> >
> >> > VIRTIO_F_ACCESS_PLATFORM_IDENTITY_ADDRESS
> >> >
> >> > and the explanation should state that all device
> >> > addresses are translated by the platform to identical
> >> > addresses.
> >> >
> >> > In fact this option then becomes more, not less restrictive
> >> > than VIRTIO_F_ACCESS_PLATFORM - it's a promise
> >> > by guest to only create identity mappings,
> >> > and only before driver_ok is set.
> >> > This option then would always be negotiated together with
> >> > VIRTIO_F_ACCESS_PLATFORM.
> >> >
> >> > Host then must verify that
> >> > 1. full 1:1 mappings are created before driver_ok
> >> >     or can we make sure this happens before features_ok?
> >> >     that would be ideal as we could require that features_ok fails
> >> > 2. mappings are not modified between driver_ok and reset
> >> >     i guess attempts to change them will fail -
> >> >     possibly by causing a guest crash
> >> >     or some other kind of platform-specific error
> >>
> >> I think VIRTIO_F_ACCESS_PLATFORM_IDENTITY_ADDRESS is good, but requiring
> >> it to be accompanied by ACCESS_PLATFORM can be a problem. One reason is
> >> SLOF as I mentioned above, another is that we would be requiring all
> >> guests running on the machine (secure guests or not, since we would use
> >> the same configuration for all guests) to support it. But
> >> ACCESS_PLATFORM is relatively recent so it's a bit early for that. For
> >> instance, Ubuntu 16.04 LTS (which is still supported) doesn't know about
> >> it and wouldn't be able to use the device.
> >
> > OK and your target is to enable use with kernel drivers within
> > guests, right?
> 
> Right.
> 
> > My question is, we are defining a new flag here, I guess old guests
> > then do not set it. How does it help old guests? Or maybe it's
> > not designed to ...
> 
> Indeed. The idea is that QEMU can offer the flag, old guests can reject
> it (or even new guests can reject it, if they decide not to convert into
> secure VMs) and the feature negotiation will succeed with the flag
> unset.

OK. And then what does QEMU do? Assume guest is not encrypted I guess?

> --
> Thiago Jung Bauermann
> IBM Linux Technology Center