Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp453136pxj; Thu, 3 Jun 2021 10:37:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwbOiXFz0dOQ8NfNz6qiEyJyY41eHIUersRd7t+pRmvgV1iCj5yGrdxNraAHu+FNrvNZPlK X-Received: by 2002:a17:906:3845:: with SMTP id w5mr478263ejc.518.1622741831235; Thu, 03 Jun 2021 10:37:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622741831; cv=none; d=google.com; s=arc-20160816; b=rZctKjVuN0lKcVw+lxsss1D8ZNCjHolMRABNVNgCgos+KVmJg1nnIwY+v9TxzaKMNG 2e1gLxGN9aOkhoIg9UnnqC9/ohSy3vsYcuzonSkw21C/CRFZ6K4DMxytM3BTZNrI0lxa 9M5x2hd2DSkhl4Hh8gNd8rava6EnSIUT2YHvoMxlKJ2xNkPcFYqkVARd4XgRx4+UvHkk LAXG1SBTY0B5k6/P/9vsw/uAAAmD05Z5qMZZlD4uMGUqF0ctb3yvCfZU1UvFdBaaoR3X xsTwwveIZvSSojUMX8BtkjtHdJ2XEzB17l9K5UtiRzt71yFgyfVQZKyJ0S54RIT5/wuE dTNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=G/GxhedNXlVDii8L2qe0lwgILEF/Fysz4wCkKH25UEo=; b=YlnL7ESN7l4gjV8cnWNOpzmrG84BrJ3YSbw6mOMl9Q3thHcp8TrCW5jymfFDAJeuDS DlWlwY0qEtYaAJCz1sYoyuOYIaeNqtd3d4EsDtErymSQ06HNblOO0vGTC41OwmA8DjTL SodDewqO3MluYqJWBXkAa6i7XjwCs2wqzEq/NTflG+Fy73LB94mKgWuVql/Iy850BNag B8DOATzqfrKD3atypxRh6NT8o61ANr9SW1kuzzBBO5BuWbKMRh9s0cwxIxtu0SFrBvcZ vR070+AUcm/6RVhdaAZguQRUNP+V5H01ARvEek8ZfmhtssROY0PIqQqmoM7SrOo081x3 tbpg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MFTkiPeD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b11si2989319edz.116.2021.06.03.10.36.46; Thu, 03 Jun 2021 10:37:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=MFTkiPeD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230351AbhFCRf0 (ORCPT + 99 others); Thu, 3 Jun 2021 13:35:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:60062 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229947AbhFCRfZ (ORCPT ); Thu, 3 Jun 2021 13:35:25 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8D919600EF; Thu, 3 Jun 2021 17:33:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622741621; bh=/UCRcRzeBqTtEan+hKQQytxiVuqK6B0k/wsPUAzHz04=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=MFTkiPeD9pCOCOqPoN5+CzEhXI99TCb/39pyxVHmsIu2k1fk8H/SddDyBYcnAZjdS xdHSwL+7enafUpzCDPPWhuip9DqrJ3fgknH6swTLZGTiCVZtJ3H91+7Jf4luWtvAsM t4nClvFCW1FHgSSW6qB2ZrbsTKofuoGjV47JEPaSNXeuxOGPapBCUc9lFVQruBLTTW 2Ws3Gqt1g/sEt2+i9gvAEBowH0WoN7WHRtG++WdSXO3iwwOv55pJU+p4KiINspejbD vefQqFY64InbySwuXs6s50UHsk9hQWmicWTdvP4UZup7oMXGa2YBPm9L/nb8oaeS9g ITvifMb0XbFfw== Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest To: Andi Kleen , mst@redhat.com Cc: jasowang@redhat.com, virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, x86@kernel.org, sathyanarayanan.kuppuswamy@linux.intel.com, jpoimboe@redhat.com, linux-kernel@vger.kernel.org References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-2-ak@linux.intel.com> From: Andy Lutomirski Message-ID: Date: Thu, 3 Jun 2021 10:33:39 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: <20210603004133.4079390-2-ak@linux.intel.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/2/21 5:41 PM, Andi Kleen wrote: > Only allow split mode when in a protected guest. Followon > patches harden the split mode code paths, and we don't want > an malicious host to force anything else. Also disallow > indirect mode for similar reasons. I read this as "the virtio driver is buggy. Let's disable most of the buggy code in one special case in which we need a driver without bugs. In all the other cases (e.g. hardware virtio device connected over USB-C), driver bugs are still allowed." Can we just fix the driver without special cases? --Andy