Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2320444pxb;
        Mon, 23 Aug 2021 18:07:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwexhc78pPoSXFRPhXo8DOVkMGmJJKsSyTUH+7VXVBU/sU+sON+PkE43X60kOV0E15vlKgE
X-Received: by 2002:a17:906:6d85:: with SMTP id h5mr37739206ejt.305.1629767260864;
        Mon, 23 Aug 2021 18:07:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629767260; cv=none;
        d=google.com; s=arc-20160816;
        b=fJH+8hn+NSf2OGTPf3AtY56/Lb2aLdION+vN/PRATfBGiCym6L2WfESzNpUQxk9jU9
         ns0AsbUvWJLKpFDtqFM4nurZqbhevvNe6Ugv8gvPlun7RLpFQPYSj4/BqNqJV92CO+kK
         5QkMgpOSxevH1SMORopWPVwdpknoEB5QZgzPxb6q9Boq23UMHThuYPoF6rTD0T8a0ItW
         aGuaK9xZwLvp6JstbM8zL+l31nM+PR6zwKOdoXTMSTR6jw+2dsT27WqrYhBKxMd8ZqdD
         lWRm6sPCcar5LA7vOw2mYvdiBQ3Ir6FWONUYosX96oACFFPhRss5dn4aq5oOOsRG/kIN
         kRRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=+KWjXh2lT4oyxvT6TUUge6cE2M/3E1/QPatrdIWAbCk=;
        b=SjwIz+b6vg3flo6AqoTepBMW9gAPSmvUKiXuCpX018yBv6vbWLcrvPMy+HK3gU5DqC
         WsxftOhYho3TLJYj9IN7uY+oAD9s11inY0hB+1srH9DGCRgfmr82ge9FsMM3LLDOzt/G
         Mfb8b1gtjbyTdfG2QQXgh31ZJTbMVbioeaMpN+qFljMe7jVgH7gd5VghRzD0RuO+NE5/
         lM81O+4BeOfuKmNOcTVpI6tZ6HJ138JfgZenu3ir3ZPhw1vKdR8WUmtcZaPE0LBQg5Ka
         Tj4N/z6hxnOMtwlmz2+EZbwZzNXvxvJ4x4wMrvnjRcDOsPeDCufFwacu8BYbe43TNo5O
         mXkQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=ssDUJbZQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a19si8149435edt.168.2021.08.23.18.07.17;
        Mon, 23 Aug 2021 18:07:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=ssDUJbZQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234958AbhHXBGm (ORCPT <rfc822;liukuiyu0707@gmail.com>
        + 99 others); Mon, 23 Aug 2021 21:06:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34050 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234724AbhHXBGd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 23 Aug 2021 21:06:33 -0400
Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8324FC061757
        for <linux-kernel@vger.kernel.org>; Mon, 23 Aug 2021 18:04:11 -0700 (PDT)
Received: by mail-pg1-x52b.google.com with SMTP id s11so18263226pgr.11
        for <linux-kernel@vger.kernel.org>; Mon, 23 Aug 2021 18:04:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=intel-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=+KWjXh2lT4oyxvT6TUUge6cE2M/3E1/QPatrdIWAbCk=;
        b=ssDUJbZQUoHOjzKeOoupouQflaDtoV/KGM0ZbImx65Id9YAIXzBr7xLGKgTJu5h7I2
         HHPWAyYNY1bDMlXgvnD4vDkqa1dsykDsMeTtzg3vHCZHA743vpTJ8zJ4NdfqSdbmmqvy
         KiEWa7Khi9N0O/9RoziHtutYHO2/nwyh6DBm4tBUK7GNpef0LXqDL+0p5s3nrsgMW6K/
         FFWm8o5SonyxAvLyA2+U5fUS7ZWjvbxn5iMEzqko5Bo0H+b6KX6dRPsNpkxsT+0zJzz9
         wV+DeBmwuvYfrQWDLM0QASdRWxoXpFfTwLTHLiDMsXuWjkskMss7fMermWEKgv/FmCUr
         IxMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=+KWjXh2lT4oyxvT6TUUge6cE2M/3E1/QPatrdIWAbCk=;
        b=pYGYrvX24n/E5V+adqb943SgaEeBxMJm41/rXH9jwZ81I0io0zY44DVWgFwZLCYWy1
         KRuBe7mzNgSLDLJZrkVDfXYuScRAT3nGi2et+Ch6Mp4qv27CQZwvpAU2lKjJ6FRCohsz
         XwbLNCCzOBOxuszxhSgxJBuqg1Drly6/YIomXpKA7r05RWeNdhCYS3B4T9+vh467YgiU
         RZ5j8/ervdmnXauJqmCabJEMPQ59KEiFRRQzd+x7rFCoHY2G5FxQ2ZTXf20DEn1W199x
         4pw8MqEoNMyw8boRrMRgHcA5gczx81Vt4cA5L58UXI4CuAVnXP5FVFhbQYzalQ3gMY7K
         ltug==
X-Gm-Message-State: AOAM533OTpc4Zfzf3IvrI8Iq3GDtIgW908klQBNzrr+Fvek07JpbKDU7
        6IzmJqAKMNjHM1kXAZqLNWU+N5bJD3P4mckvO2FwMg==
X-Received: by 2002:a05:6a00:16c6:b029:32d:e190:9dd0 with SMTP id
 l6-20020a056a0016c6b029032de1909dd0mr36118105pfc.70.1629767051049; Mon, 23
 Aug 2021 18:04:11 -0700 (PDT)
MIME-Version: 1.0
References: <20210805005218.2912076-1-sathyanarayanan.kuppuswamy@linux.intel.com>
 <20210805005218.2912076-12-sathyanarayanan.kuppuswamy@linux.intel.com>
 <20210823195409-mutt-send-email-mst@kernel.org> <26a3cce5-ddf7-cbe6-a41e-58a2aea48f78@linux.intel.com>
In-Reply-To: <26a3cce5-ddf7-cbe6-a41e-58a2aea48f78@linux.intel.com>
From:   Dan Williams <dan.j.williams@intel.com>
Date:   Mon, 23 Aug 2021 18:04:00 -0700
Message-ID: <CAPcyv4iJVQKJ3bVwZhD08c8GNEP0jW2gx=H504NXcYK5o2t01A@mail.gmail.com>
Subject: Re: [PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}
To:     "Kuppuswamy, Sathyanarayanan" 
        <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc:     "Michael S. Tsirkin" <mst@redhat.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Bjorn Helgaas <bhelgaas@google.com>,
        Richard Henderson <rth@twiddle.net>,
        Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
        James E J Bottomley <James.Bottomley@hansenpartnership.com>,
        Helge Deller <deller@gmx.de>,
        "David S . Miller" <davem@davemloft.net>,
        Arnd Bergmann <arnd@arndb.de>,
        Jonathan Corbet <corbet@lwn.net>,
        Peter H Anvin <hpa@zytor.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        Kirill Shutemov <kirill.shutemov@linux.intel.com>,
        Sean Christopherson <seanjc@google.com>,
        Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
        X86 ML <x86@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linux PCI <linux-pci@vger.kernel.org>,
        linux-alpha@vger.kernel.org, linux-mips@vger.kernel.org,
        linux-parisc@vger.kernel.org, sparclinux@vger.kernel.org,
        linux-arch <linux-arch@vger.kernel.org>,
        Linux Doc Mailing List <linux-doc@vger.kernel.org>,
        virtualization@lists.linux-foundation.org
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 23, 2021 at 5:31 PM Kuppuswamy, Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com> wrote:
>
>
>
> On 8/23/21 4:56 PM, Michael S. Tsirkin wrote:
> >> Add a new variant of pci_iomap for mapping all PCI resources
> >> of a devices as shared memory with a hypervisor in a confidential
> >> guest.
> >>
> >> Signed-off-by: Andi Kleen<ak@linux.intel.com>
> >> Signed-off-by: Kuppuswamy Sathyanarayanan<sathyanarayanan.kuppuswamy@linux.intel.com>
> > I'm a bit puzzled by this part. So why should the guest*not*  map
> > pci memory as shared? And if the answer is never (as it seems to be)
> > then why not just make regular pci_iomap DTRT?
>
> It is in the context of confidential guest (where VMM is un-trusted). So
> we don't want to make all PCI resource as shared. It should be allowed
> only for hardened drivers/devices.

That's confusing, isn't device authorization what keeps unaudited
drivers from loading against untrusted devices? I'm feeling like
Michael that this should be a detail that drivers need not care about
explicitly, in which case it does not need to be exported because the
detail can be buried in lower levels.

Note, I specifically said "unaudited", not "hardened" because as Greg
mentioned the kernel must trust drivers, its devices that may not be
trusted.