From: Borislav Petkov <bp@alien8.de>
To: Juergen Gross <jgross@suse.com>
Cc: Oleksandr <olekstysh@gmail.com>, Christoph Hellwig <hch@infradead.org>, Boris Ostrovsky <boris.ostrovsky@oracle.com>, Stefano Stabellini <sstabellini@kernel.org>, xen-devel@lists.xenproject.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Julien Grall <julien@xen.org>, Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>, "Michael S. Tsirkin" <mst@redhat.com>, Tom Lendacky <thomas.lendacky@amd.com>
Subject: Re: [PATCH V1 3/6] xen/virtio: Add option to restrict memory access under Xen
Date: Tue, 26 Apr 2022 10:41:09 +0200
Message-ID: <YmewJaxWS1KGVkTf@zn.tnic>
In-Reply-To: <7d89848a-3a1c-415d-957a-564ffdd3712d@suse.com>

On Tue, Apr 26, 2022 at 07:16:16AM +0200, Juergen Gross wrote:
> Christoph suggested (rather firmly) this would be the way to go.

Yeah, I saw it but I don't think it is the right way to go.

What happens the next time a guest needs to query the platform underneath? Misuse these interfaces again?

Because people will see the Xen use and say, hey, look, I will use this for my funky HV too.

Even worse: what happens if Xen decides to implement SEV/TDX? Then you're in for a world of fun.

Now, if we want to *extend* the interfaces to have something as generic as, say, platform_has() and that should be the way for generic kernel code running in the guest to query the platform capabilities, then sure, by all means.

> This is needed on guest side at a rather hypervisor independent place.
>
> So a capability of some sort seems appropriate.
>
> Another suggestion of mine was to have a callback (or flag) in
> struct x86_hyper_runtime for that purpose.

This becomes an issue if the HV is not x86 - then you need a different method of querying it, which then underneath will call the arch-specific interface.

I don't know how much of querying guests need to do and how they've been doing that so far. Depending on the requirements, we probably should think about a clean design from the get-go instead of homegrown things.

Thx.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette