Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1579700pxb; Fri, 1 Oct 2021 13:59:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4D9He0R4lY74AshE9Ea+FIBlZAfSvGP0f73uS0+3DFrufL6VrRmn/OLSDntPr34RWpswI X-Received: by 2002:a17:907:1b1b:: with SMTP id mp27mr61310ejc.538.1633121961129; Fri, 01 Oct 2021 13:59:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633121961; cv=none; d=google.com; s=arc-20160816; b=xo9Sr6XU4Yy7u5UlO2nEnsi0xk9XlUR+5dEx/mGSny31/5YKy0UMkVgvqb4cPfuvbD 3bM7k/ZXbFpfc7pqAl7jLdYqwElx3ckd9PMql1Sbam9FEGERf4oVrEQAegLfvzKtkn46 LkcCn+ES2lB2NHVf7YZkRIvIJ2BV9XDcGBEM0dzigCyFNCA2+h2AZXbDTrDCaYAkzfkh M+tEUzo71SsN7GwK3wZF6/2Bxr4Frf2Xztq+en3b1hk1yr5BbLaVzu9WgzuxInW9yBuf ZbPQJ1y4U8NocLfD3KQuEXS+n8yngWvB3a7lMW4Hbw5bqgjnnRXxaNy4IW6EIUvuQLW8 zIKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=SzjghIhEuK4qRa3+5Hp0dXr4PxZmgbTaRDvo9aaIsSE=; b=puP62wAwkEhu7VYLrPkquTGkGwEJubII+QO6BFRrm045/wFBq8EKsfhe8BIwZ7keih gzK1fPqAV1ROvYxMmObochdAvO27grUcCNDrhO+/+rW3n4+hz0Tsd7JQDrF16YYJljyT vXyR/iszUBBmosbJ25yqn21vVytXPPj5j6zb7GvGMQq2ItBwsFV0HUBnSY6GDwwSks1s NXAX1qvbKNHRik2c5brVAZ89913t4T8lIKzdWKXo+Rwth/ICy7TWHDG9rgz66cGEPVD/ gTgB6mws420JzcyMFLvsBgu9EL8OLQ0FGuNKGQwa//SEVC0Al7UohWgtEiEKGpEoFdDn 17UA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n15si7622271edy.392.2021.10.01.13.58.56; Fri, 01 Oct 2021 13:59:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229765AbhJATre (ORCPT + 99 others); Fri, 1 Oct 2021 15:47:34 -0400 Received: from mga11.intel.com ([192.55.52.93]:41519 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229623AbhJATrd (ORCPT ); Fri, 1 Oct 2021 15:47:33 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10124"; a="222351649" X-IronPort-AV: E=Sophos;i="5.85,340,1624345200"; d="scan'208";a="222351649" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Oct 2021 12:45:40 -0700 X-IronPort-AV: E=Sophos;i="5.85,340,1624345200"; d="scan'208";a="565235176" Received: from mgelhass-mobl.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.212.119.57]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Oct 2021 12:45:39 -0700 Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest To: Alan Stern , Dan Williams Cc: Greg Kroah-Hartman , "Michael S. Tsirkin" , Borislav Petkov , X86 ML , Bjorn Helgaas , Thomas Gleixner , Ingo Molnar , Andreas Noever , Michael Jamet , Yehezkel Bernat , "Rafael J . Wysocki" , Mika Westerberg , Jonathan Corbet , Jason Wang , Andi Kleen , Kuppuswamy Sathyanarayanan , Linux Kernel Mailing List , Linux PCI , USB list , virtualization@lists.linux-foundation.org References: <20210930010511.3387967-5-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930065953-mutt-send-email-mst@kernel.org> <6d1e2701-5095-d110-3b0a-2697abd0c489@linux.intel.com> <1cfdce51-6bb4-f7af-a86b-5854b6737253@linux.intel.com> <20211001164533.GC505557@rowland.harvard.edu> <20211001190048.GA512418@rowland.harvard.edu> From: "Kuppuswamy, Sathyanarayanan" Message-ID: Date: Fri, 1 Oct 2021 12:45:36 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: <20211001190048.GA512418@rowland.harvard.edu> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/1/21 12:00 PM, Alan Stern wrote: > On Fri, Oct 01, 2021 at 11:09:52AM -0700, Dan Williams wrote: >> On Fri, Oct 1, 2021 at 9:47 AM Alan Stern wrote: >>> >>> On Fri, Oct 01, 2021 at 09:13:54AM -0700, Dan Williams wrote: >>>> Bear with me, and perhaps it's a lack of imagination on my part, but I >>>> don't see how to get to a globally generic "authorized" sysfs ABI >>>> given that USB and Thunderbolt want to do bus specific actions on >>>> authorization toggle events. Certainly a default generic authorized >>>> attribute can be defined for all the other buses that don't have >>>> legacy here, but Thunderbolt will still require support for '2' as an >>>> authorized value, and USB will still want to base probe decisions on >>>> the authorization state of both the usb_device and the usb_interface. >>> >>> The USB part isn't really accurate (I can't speak for Thunderbolt). >>> When a usb_device is deauthorized, the device will be unconfigured, >>> deleting all its interfaces and removing the need for any probe >>> decisions about them. In other words, the probe decision for a >>> usb_device or usb_interface depends only on the device's/interface's >>> own authorization state. >>> >>> True, the interface binding code does contain a test of the device's >>> authorization setting. That test is redundant and can be removed. >>> >>> The actions that USB wants to take on authorization toggle events for >>> usb_devices are: for authorize, select and install a configuration; >>> for deauthorize, unconfigure the device. Each of these could be >>> handled simply enough just by binding/unbinding the device. (There >>> is some special code for handling wireless USB devices, but wireless >>> USB is now defunct.) >> >> Ah, so are you saying that it would be sufficient for USB if the >> generic authorized implementation did something like: >> >> dev->authorized = 1; >> device_attach(dev); >> >> ...for the authorize case, and: >> >> dev->authorize = 0; >> device_release_driver(dev); >> >> ...for the deauthorize case? > > Yes, I think so. But I haven't tried making this change to test and > see what really happens. > For thunderbolt driver, it looks much more complicated. Unless you define some callbacks in struct bus_type, we cannot easily generalize it (but such callbacks are not recommended because it brings bus specific operations to core layer). sysfs_read() -> simple read sysfs_write() -> tb_switch_set_authorized() -> disapprove_switch() -> tb_domain_disapprove_switch() -> tb->cm_ops->disapprove_switch() (product specific call) -> tb_domain_approve_switch_key() -> tb->cm_ops->add_switch_key -> tb->cm_ops->approve_switch() (product specific call) -> tb_domain_approve_switch() -> tb->cm_ops->approve_switch() (product specific call) -> tb_domain_challenge_switch_key() -> tb->cm_ops->challenge_switch_key() -> crypto_alloc_shash() -> crypto_shash_setkey() -> crypto_shash_digest() -> tb->cm_ops->approve_switch() (product specific call) > Alan Stern > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer