Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4718447ybi; Mon, 15 Jul 2019 13:37:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYstOcVWIX73AXRMQPuOXhsKhK4Hltw5qtwkSduUel/5f2t/Ja9mIitqgO7IOJJVCrlj4L X-Received: by 2002:a63:dd17:: with SMTP id t23mr2299906pgg.295.1563223031131; Mon, 15 Jul 2019 13:37:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563223031; cv=none; d=google.com; s=arc-20160816; b=ouTcUUlqrHu7Ynlsj3MsW7Uj2U7JSjcxi9CCQZFd8TRvO3wy0mjiiURyeW50OQM/57 ldflCT/r/ig7DhMw5gP+mxmbkWYefaUmSDQtDi35+mrbIsPvWP+E3f2qk3vZTHkDSUAF fqPhwzKCjGmFgIjVEEJqpZyXyAlbb6YJ5QPTh9UWGrJ34vDublNQ4BPKwRC2KgzjoW4o 91B/zKNyRbMFYr37wbrMK8gxkrXFAzGiDiUChtAjCQXfzD+7ijIjoiAJWSvWbKl6oHbw Y3m6xEFgMZdODjGg5M535FwwIowV+lePks1L22Ek04f+5XEr1MezZkxLQWMMRx91Xxdo Zj3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=eZzdn1cbX6UiHLEakPA80Cyf19spU/8gOrEL62kxF/w=; b=wm9Ja5e4K1N77NI2zdliN8ld2JSVsJtVCLHaTwNCk8mJj1oh1QbDm/SpiX1hfSg8lL UapLXf0PTBWPQU+zrTbnei+rjX/R6gpcxPDcTraLzaqPUaPtSIQSK8Itxz5W5NFHrlTL ffvlmsDAeobgys3wYL0stJJgxxhLZhcyfa7G6qYS3X0eUdauYIOb1cik3sv9eQx1ySY9 KuDCtMcfSUK5PwWJSB+iscZ3sxBCsoTFsEmiGNWPZ20GnVqanZxHcO1xsTMd7N0gIYp/ WfHYVxaWG+NCS3224P9/NcTdV5CY4lmE0IZRkoOpzR624Yzx0zW0mJrU69oXdijZHMas DIqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z20si17139773pfa.282.2019.07.15.13.36.53; Mon, 15 Jul 2019 13:37:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731596AbfGOUgZ (ORCPT + 99 others); Mon, 15 Jul 2019 16:36:25 -0400 Received: from mx1.redhat.com ([209.132.183.28]:36816 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729505AbfGOUgZ (ORCPT ); Mon, 15 Jul 2019 16:36:25 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9E07D308FEC0; Mon, 15 Jul 2019 20:36:24 +0000 (UTC) Received: from redhat.com (ovpn-125-108.rdu2.redhat.com [10.10.125.108]) by smtp.corp.redhat.com (Postfix) with SMTP id 26AFF608CA; Mon, 15 Jul 2019 20:36:17 +0000 (UTC) Date: Mon, 15 Jul 2019 16:36:11 -0400 From: "Michael S. Tsirkin" To: Thiago Jung Bauermann Cc: virtualization@lists.linux-foundation.org, linuxppc-dev@lists.ozlabs.org, iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Jason Wang , Christoph Hellwig , David Gibson , Alexey Kardashevskiy , Paul Mackerras , Benjamin Herrenschmidt , Ram Pai , Jean-Philippe Brucker , Michael Roth , Mike Anderson Subject: Re: [RFC PATCH] virtio_ring: Use DMA API if guest memory is encrypted Message-ID: <20190715163453-mutt-send-email-mst@kernel.org> References: <20190323165456-mutt-send-email-mst@kernel.org> <87a7go71hz.fsf@morokweng.localdomain> <20190520090939-mutt-send-email-mst@kernel.org> <877ea26tk8.fsf@morokweng.localdomain> <20190603211528-mutt-send-email-mst@kernel.org> <877e96qxm7.fsf@morokweng.localdomain> <20190701092212-mutt-send-email-mst@kernel.org> <87d0id9nah.fsf@morokweng.localdomain> <20190715103411-mutt-send-email-mst@kernel.org> <874l3nnist.fsf@morokweng.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <874l3nnist.fsf@morokweng.localdomain> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Mon, 15 Jul 2019 20:36:24 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 15, 2019 at 05:29:06PM -0300, Thiago Jung Bauermann wrote: > > Michael S. Tsirkin writes: > > > On Sun, Jul 14, 2019 at 02:51:18AM -0300, Thiago Jung Bauermann wrote: > >> > >> > >> Michael S. Tsirkin writes: > >> > >> > So this is what I would call this option: > >> > > >> > VIRTIO_F_ACCESS_PLATFORM_IDENTITY_ADDRESS > >> > > >> > and the explanation should state that all device > >> > addresses are translated by the platform to identical > >> > addresses. > >> > > >> > In fact this option then becomes more, not less restrictive > >> > than VIRTIO_F_ACCESS_PLATFORM - it's a promise > >> > by guest to only create identity mappings, > >> > and only before driver_ok is set. > >> > This option then would always be negotiated together with > >> > VIRTIO_F_ACCESS_PLATFORM. > >> > > >> > Host then must verify that > >> > 1. full 1:1 mappings are created before driver_ok > >> > or can we make sure this happens before features_ok? > >> > that would be ideal as we could require that features_ok fails > >> > 2. mappings are not modified between driver_ok and reset > >> > i guess attempts to change them will fail - > >> > possibly by causing a guest crash > >> > or some other kind of platform-specific error > >> > >> I think VIRTIO_F_ACCESS_PLATFORM_IDENTITY_ADDRESS is good, but requiring > >> it to be accompanied by ACCESS_PLATFORM can be a problem. One reason is > >> SLOF as I mentioned above, another is that we would be requiring all > >> guests running on the machine (secure guests or not, since we would use > >> the same configuration for all guests) to support it. But > >> ACCESS_PLATFORM is relatively recent so it's a bit early for that. For > >> instance, Ubuntu 16.04 LTS (which is still supported) doesn't know about > >> it and wouldn't be able to use the device. > > > > OK and your target is to enable use with kernel drivers within > > guests, right? > > Right. > > > My question is, we are defining a new flag here, I guess old guests > > then do not set it. How does it help old guests? Or maybe it's > > not designed to ... > > Indeed. The idea is that QEMU can offer the flag, old guests can reject > it (or even new guests can reject it, if they decide not to convert into > secure VMs) and the feature negotiation will succeed with the flag > unset. OK. And then what does QEMU do? Assume guest is not encrypted I guess? > -- > Thiago Jung Bauermann > IBM Linux Technology Center