Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp610468rwn; Thu, 8 Sep 2022 06:31:08 -0700 (PDT) X-Google-Smtp-Source: AA6agR6Dq6TM05L2h+dC+IwH3p0j0ZISQZgh9CAV/gjM4DnM7VhhJ7xdLfiGydXcGUFgGjdJzkcr X-Received: by 2002:a05:6402:4303:b0:448:7014:ed8f with SMTP id m3-20020a056402430300b004487014ed8fmr7296001edc.335.1662643868209; Thu, 08 Sep 2022 06:31:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662643868; cv=none; d=google.com; s=arc-20160816; b=Up51g3Lim859KE2IzPXIl5CdtfQh7iOyPcANXpie81T470HwHDrOkA+8zFZe6H5RwD w7s37rByjPOXpm23wNErVsMuDhf54LPTlmkL2CeoxxkfaOoyph0G1TEEmDG7g6hREFPy lKWWGCs4iepjUg7kMzlpcG20Jmgp82ClAOHq2E5nWjXo3a4jMYJmJWttsNTgiQhNZmav MBSnu9prVVsCmydoArv4ZDAt2ybJWrjXlIkHa9yDg8YN9a7IMblLxg98FXBb16sJ1i/Y u1gHFRrllEHJlUZLlTPqps46+PqL8BKPxC7WBax8HbU/9PpwXYbBu7aUKKGgFBKtWIZ8 aigA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=EzevlCVQ98R+FW5QrvGATyn1YC7GZrIWn6/oclu0q+o=; b=ozL34Q2SUGgoFD/LtJNybMCSgTQFf3QYp/a+FQEtKb/4X2CyVgAoGF7u7mOX3UHqoW Tcdgb4O7U+vOu5VtaeQaUrzBujiRRugd0KjbN/H1Bm690oyWftN92kASldX9EqayzJxk w9WNpAyeLDFQYoEyXSLCVVP8WUGySYISleOM003t7z/4azXTtVbT9E2OarGdFGZKD2zM JH1RQN40SMnjRnq289K/v+ObhIoAwlOmfnQ/89gpqarIMvUY4zD48XP5BbcMFbSsQpYW njJe6gXl2BvasIU3OlOpXERtiKWr3CFwmYK0QAtsfAl8iDGrK21JZ593+nhqVnpxvRQ0 4NFA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bf24-20020a0564021a5800b00446ac62af48si6468166edb.70.2022.09.08.06.30.40; Thu, 08 Sep 2022 06:31:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232065AbiIHNAR (ORCPT + 99 others); Thu, 8 Sep 2022 09:00:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43120 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231467AbiIHNAP (ORCPT ); Thu, 8 Sep 2022 09:00:15 -0400 Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AC115AC62; Thu, 8 Sep 2022 06:00:14 -0700 (PDT) Received: from fraeml745-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4MNfJ52X97z688pK; Thu, 8 Sep 2022 20:56:05 +0800 (CST) Received: from lhrpeml500005.china.huawei.com (7.191.163.240) by fraeml745-chm.china.huawei.com (10.206.15.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Thu, 8 Sep 2022 15:00:12 +0200 Received: from localhost (10.202.226.42) by lhrpeml500005.china.huawei.com (7.191.163.240) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Thu, 8 Sep 2022 14:00:12 +0100 Date: Thu, 8 Sep 2022 14:00:11 +0100 From: Jonathan Cameron To: Dan Williams CC: Borislav Petkov , Davidlohr Bueso , , , , , , , , , , Subject: Re: [PATCH -next] memregion: Add arch_flush_memregion() interface Message-ID: <20220908140011.000003e8@huawei.com> In-Reply-To: <6319916ba0f9d_5801629437@dwillia2-xfh.jf.intel.com.notmuch> References: <20220829212918.4039240-1-dave@stgolabs.net> <20220907162245.5ddexpmibjbanrho@offworld> <6318cc415161f_166f2941e@dwillia2-xfh.jf.intel.com.notmuch> <6319916ba0f9d_5801629437@dwillia2-xfh.jf.intel.com.notmuch> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.29; i686-w64-mingw32) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.202.226.42] X-ClientProxiedBy: lhrpeml100005.china.huawei.com (7.191.160.25) To lhrpeml500005.china.huawei.com (7.191.163.240) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 7 Sep 2022 23:53:31 -0700 Dan Williams wrote: > Borislav Petkov wrote: > > On Wed, Sep 07, 2022 at 09:52:17AM -0700, Dan Williams wrote: > > > To be clear nfit stuff and CXL does run in guests, but they do not > > > support secure-erase in a guest. > > > > > > However, the QEMU CXL enabling is building the ability to do *guest > > > physical* address space management, but in that case the driver can be > > > paravirtualized to realize that it is not managing host-physical address > > > space and does not need to flush caches. That will need some indicator > > > to differentiate virtual CXL memory expanders from assigned devices. > > > > Sounds to me like that check should be improved later to ask > > whether the kernel is managing host-physical address space, maybe > > arch_flush_memregion() should check whether the address it is supposed > > to flush is host-physical and exit early if not... > > Even though I raised the possibility of guest passthrough of a CXL > memory expander, I do not think it could work in practice without it > being a gigantic security nightmare. So it is probably safe to just do > the hypervisor check and assume that there's no such thing as guest > management of host physical address space. Agreed. Other than occasional convenience of doing driver development in a VM (they reboot quickly ;) can't see why a product system would need to pass a CXL type 3 device through and as you say security would be 'interesting' if it were done. Might be GPU usecases down the line but I'm doubtful on that as well. Jonathan