Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp969721pxf; Thu, 1 Apr 2021 19:52:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyEsU5gx38UMcDCztW9N42Cr9MGNGqysJ9FPFJDKxtXJ8eqhMggDLxHXlI/MHIrAba81QMx X-Received: by 2002:a05:6402:4301:: with SMTP id m1mr13693341edc.210.1617331938549; Thu, 01 Apr 2021 19:52:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617331938; cv=none; d=google.com; s=arc-20160816; b=pViN4tluEePw/50d/t8YXo8Fgsvb+vReMi5e7DlmwtBiN5yqPEN02GOdRprrqye6Ke H2NWW5uQofksQX/3jw429jmnsqEBLcOsnvjfGFRzbOfBmQuhe8weNpvqsHeVbvrzck48 uuY6Dj6el/kl9iKLaqIaD74TuBdboWFqkzwer31u5Cfy6dBHyOy3xfZyATtlJ2e57TLM aFv9fLP/95Hqc3JPkJCL4WtBcth41bZs5BM7YoAiSQv9UceZnJYDJJixiGn0+Qv6TeqS UR4nO2+tHQQlALE68IUfu4rxKxF9HhxjTwMDAjHgk2/xVdHyLocUeTleAozIUAOv9r96 6GMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=CCfFB3ABfaM7TjAOPS5jATbYuczVs40npAmlXO45p+Q=; b=iw50UNDP1eTva1oK9UWDIT79ibtogvCjLLSgWexny98R2y4bm9J6UqunL7yPaLTzKh J0i/LEo1EN6uHm3c24ctAxdG0L3IDejZI/M1jzK6iTpBZXTVFnSv/x2IuI1ZDgbK3Zsn pH6plg2qhbRUTKU1Q4ggc/NtGhR5kltZnDgfMy50UYudE91S8qhBd1JxYGoe3lxR434k vQpqDSUcog1aqz+8cOsZC9lfxuokpbqht2Jc8+JttKq17VaWDimirSpg6M8/urCHAAUg yi+etOb0dhTbI16LBCjdnInogvXqK3oYhpsFt6I6GYNpH5PxvF6+UA9C4m0tVtIy8ezR U11w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ly21si5624472ejb.128.2021.04.01.19.51.42; Thu, 01 Apr 2021 19:52:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233894AbhDBCsy (ORCPT + 99 others); Thu, 1 Apr 2021 22:48:54 -0400 Received: from mga17.intel.com ([192.55.52.151]:43768 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233665AbhDBCsy (ORCPT ); Thu, 1 Apr 2021 22:48:54 -0400 IronPort-SDR: wV529Fcw12XmVUumTuIDOmgvu6iCTC63Kbc8oBsKBlJ+H2bR0xC47fvAMFLNf53dVCzyAvWvEf Js59GvyoWi8A== X-IronPort-AV: E=McAfee;i="6000,8403,9941"; a="172406896" X-IronPort-AV: E=Sophos;i="5.81,298,1610438400"; d="scan'208";a="172406896" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 19:48:53 -0700 IronPort-SDR: 0cZxnLKxQ2igMPiF7I7ZOZm72ImAl9vnmvomzopHCqpBCB4r65MRotijuOEeJ+jhi8Q40bIsZR uyFBoxn3nh0A== X-IronPort-AV: E=Sophos;i="5.81,298,1610438400"; d="scan'208";a="596570650" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2021 19:48:53 -0700 Date: Thu, 1 Apr 2021 19:48:52 -0700 From: Andi Kleen To: Dave Hansen Cc: Kuppuswamy Sathyanarayanan , Peter Zijlstra , Andy Lutomirski , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Dan Williams , Raj Ashok , Sean Christopherson , linux-kernel@vger.kernel.org Subject: Re: [RFC v1 00/26] Add TDX Guest Support Message-ID: <20210402024852.GK1285835@tassilo.jf.intel.com> References: <95e97456-478b-c6a2-f851-3b19ce794262@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <95e97456-478b-c6a2-f851-3b19ce794262@intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > I've heard things like "we need to harden the drivers" or "we need to do > audits" and that drivers might be "whitelisted". The basic driver allow listing patches are already in the repository, but not currently posted or complete: https://github.com/intel/tdx/commits/guest > > What are we talking about specifically? Which drivers? How many > approximately? Just virtio? Right now just virtio, later other drivers that hypervisors need. > Are there any "real" hardware drivers > involved like how QEMU emulates an e1000 or rtl8139 device? Not currently (but some later hypervisor might rely on one of those) > What about > the APIC or HPET? No IO-APIC, but the local APIC. No HPET. > > How broadly across the kernel is this going to go? Not very broadly for drivers. > > Without something concrete, it's really hard to figure out if we should > go full-blown paravirtualized MMIO, or do something like the #VE > trapping that's in this series currently. As Sean says the concern about MMIO is less drivers (which should be generally ok if they work on other architectures which require MMIO magic), but other odd code that only ran on x86 before. I really don't understand your crusade against #VE. It really isn't that bad if we can avoid the few corner cases. For me it would seem wrong to force all MMIO for all drivers to some complicated paravirt construct, blowing up code side everywhere and adding complicated self modifying code, when it's only needed for very few drivers. But we also don't want to patch every MMIO to be special cased even those few drivers. #VE based MMIO avoids all that cleanly while being nicely non intrusive. -Andi