Date: Wed, 6 Oct 2021 07:45:12 +0200
From: Greg Kroah-Hartman
To: Dan Williams
Cc: Mika Westerberg, Alan Stern, "Kuppuswamy, Sathyanarayanan", "Michael S. Tsirkin", Borislav Petkov, X86 ML, Bjorn Helgaas, Thomas Gleixner, Ingo Molnar, Andreas Noever, Michael Jamet, Yehezkel Bernat, "Rafael J. Wysocki", Jonathan Corbet, Jason Wang, Andi Kleen, Kuppuswamy Sathyanarayanan, Linux Kernel Mailing List, Linux PCI, USB list, virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Oct 05, 2021 at 03:33:29PM -0700, Dan Williams wrote:
> On Sun, Oct 3, 2021 at 10:16 PM Mika Westerberg wrote:
> >
> > Hi,
> >
> > On Fri, Oct 01, 2021 at 12:57:18PM -0700, Dan Williams wrote:
> > > > > Ah, so are you saying that it would be sufficient for USB if the
> > > > > generic authorized implementation did something like:
> > > > >
> > > > > dev->authorized = 1;
> > > > > device_attach(dev);
> > > > >
> > > > > ...for the authorize case, and:
> > > > >
> > > > > dev->authorize = 0;
> > > > > device_release_driver(dev);
> > > > >
> > > > > ...for the deauthorize case?
> > > >
> > > > Yes, I think so. But I haven't tried making this change to test and
> > > > see what really happens.
> > >
> > > Sounds like a useful path for this effort to explore. Especially as
> > > Greg seems to want the proposed "has_probe_authorization" flag in the
> > > bus_type to disappear and make this all generic. It just seems that
> > > Thunderbolt would need deeper surgery to move what it does in the
> > > authorization toggle path into the probe and remove paths.
> > >
> > > Mika, do you see a path for Thunderbolt to align its authorization
> > > paths behind bus ->probe() ->remove() events similar to what USB might
> > > be able to support for a generic authorization path?
> >
> > In Thunderbolt "authorization" actually means whether there is a PCIe
> > tunnel to the device or not. There is no driver bind/unbind happening
> > when authorization toggles (well on Thunderbolt bus, there can be on PCI
> > bus after the tunnel is established) so I'm not entirely sure how we
> > could use the bus ->probe() or ->remove for that to be honest.
>
> Greg, per your comment:
>
> "... which was to move the way that busses are allowed to authorize
> the devices they wish to control into a generic way instead of being
> bus-specific logic."
>
> We have USB and TB that have already diverged on the ABI here. The USB
> behavior is more in line with the "probe authorization" concept, while
> TB is about tunnel establishment and not cleanly tied to probe
> authorization. So while I see a path to a common authorization
> implementation for USB and other buses (per the insight from Alan), TB
> needs to retain the ability to record the authorization state as an
> enum rather than a bool, and emit a uevent on authorization status
> change.
>
> So how about something like the following that moves the attribute
> into the core, but still calls back to TB and USB to perform their
> legacy authorization work. This new authorized attribute only shows up
> when devices default to not authorized, i.e. when userspace owns the
> allow list past critical-boot built-in drivers, or if the bus (USB /
> TB) implements ->authorize().

At quick glance, this looks better, but it would be good to see someone
test it :)

thanks,

greg k-h
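
A userspace C model of the dispatch discussed in the quoted text, added here as an example; it is not the patch from this thread and not kernel code. The names `authorized_store`, `generic_authorize`, `tunnel_authorize`, the `bound` and `uevents` fields and the 0..2 state range are assumptions made for the illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stddef.h>
struct device {
    const struct bus_type *bus;
    unsigned int authorized; /* 0 = default-deny starting state */
    int bound;               /* 1 while a driver is attached */
    unsigned int uevents;    /* status-change notifications sent */
};
struct bus_type {
    /* Optional bus hook; NULL selects the generic boolean path. */
    int (*authorize)(struct device *dev, unsigned int state);
};

/* Generic path: a boolean that gates driver binding. */
static int generic_authorize(struct device *dev, unsigned int state)
{
    if (state > 1)
        return -1;           /* only 0 or 1 is meaningful here */
    dev->authorized = state;
    dev->bound = (int)state; /* stands in for attach / release */
    return 0;
}

/* Tunnel-style hook: multi-valued state, no bind, event on change. */
static int tunnel_authorize(struct device *dev, unsigned int state)
{
    if (state > 2)
        return -1;           /* constructed range 0..2 */
    if (dev->authorized != state) {
        dev->authorized = state;
        dev->uevents++;
    }
    return 0;
}

/* Core attribute store: defer to the bus hook when one exists. */
int authorized_store(struct device *dev, unsigned int state)
{
    if (dev->bus->authorize)
        return dev->bus->authorize(dev, state);
    return generic_authorize(dev, state);
}
const struct bus_type generic_bus = { NULL };
const struct bus_type tunnel_bus = { tunnel_authorize };
int main(void)
{
    struct device d = { &generic_bus, 0, 0, 0 };
    return authorized_store(&d, 1) || !d.bound; /* exits 0 on success */
}
```

In the model, a device on a bus without a hook stays unbound until something writes 1, while the tunnel-style bus keeps its own state values and never touches binding.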