References: <20210805005218.2912076-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210805005218.2912076-12-sathyanarayanan.kuppuswamy@linux.intel.com> <20210823195409-mutt-send-email-mst@kernel.org> <26a3cce5-ddf7-cbe6-a41e-58a2aea48f78@linux.intel.com>
From: Rajat Jain
Date: Tue, 24 Aug 2021 14:56:25 -0700
Subject: Re: [PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}
To: Dan Williams
Cc: "Kuppuswamy, Sathyanarayanan", "Michael S. Tsirkin", Thomas Gleixner, Ingo Molnar, Borislav Petkov, Peter Zijlstra, Andy Lutomirski, Bjorn Helgaas, Richard Henderson, Thomas Bogendoerfer, James E J Bottomley, Helge Deller, "David S . Miller", Arnd Bergmann, Jonathan Corbet, Peter H Anvin, Dave Hansen, Tony Luck, Andi Kleen, Kirill Shutemov, Sean Christopherson, Kuppuswamy Sathyanarayanan, X86 ML, Linux Kernel Mailing List, Linux PCI, linux-alpha@vger.kernel.org, linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org, sparclinux@vger.kernel.org, linux-arch, Linux Doc Mailing List, virtualization@lists.linux-foundation.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 23, 2021 at 6:06 PM Dan Williams wrote:
>
> On Mon, Aug 23, 2021 at 5:31 PM Kuppuswamy, Sathyanarayanan
> wrote:
> >
> >
> >
> > On 8/23/21 4:56 PM, Michael S. Tsirkin wrote:
> > >> Add a new variant of pci_iomap for mapping all PCI resources
> > >> of a device as shared memory with a hypervisor in a confidential
> > >> guest.
> > >>
> > >> Signed-off-by: Andi Kleen
> > >> Signed-off-by: Kuppuswamy Sathyanarayanan
> > > I'm a bit puzzled by this part. So why should the guest *not* map
> > > pci memory as shared? And if the answer is never (as it seems to be)
> > > then why not just make regular pci_iomap DTRT?
> >
> > It is in the context of confidential guest (where VMM is un-trusted). So
> > we don't want to make all PCI resource as shared. It should be allowed
> > only for hardened drivers/devices.
>
> That's confusing, isn't device authorization what keeps unaudited
> drivers from loading against untrusted devices? I'm feeling like
> Michael that this should be a detail that drivers need not care about
> explicitly, in which case it does not need to be exported because the
> detail can be buried in lower levels.
>
> Note, I specifically said "unaudited", not "hardened" because as Greg
> mentioned the kernel must trust drivers, it's devices that may not be
> trusted.

Can you please point me to the thread where this discussion with Greg
is ongoing?

Thanks,

Rajat