From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB10DC47082 for ; Thu, 3 Jun 2021 23:33:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C6BF3613EC for ; Thu, 3 Jun 2021 23:33:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbhFCXet (ORCPT ); Thu, 3 Jun 2021 19:34:49 -0400 Received: from mga01.intel.com ([192.55.52.88]:61135 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229576AbhFCXer (ORCPT ); Thu, 3 Jun 2021 19:34:47 -0400 IronPort-SDR: aACU/vHrmMuvBhCVVvIjYpiyCN9AujtYh5Wbqx0vPrjwOD20MJ87T3OgPK1PAT4/AlsUNWSj4h 8SwLawDUN2WQ== X-IronPort-AV: E=McAfee;i="6200,9189,10004"; a="225488691" X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="225488691" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 16:33:00 -0700 IronPort-SDR: qAh/G4h1oAVmxnpXqZzvzXCuEocjpQVTLKofsVYdH1zoxAHAjOZW/w7M8EFkVDo5EB13y1/Kmd 5P5MI2NAPGSw== X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="550880326" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.209.7.237]) ([10.209.7.237]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 16:32:59 -0700 Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest To: Andy Lutomirski , mst@redhat.com Cc: Jason Wang , virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, the arch/x86 maintainers , sathyanarayanan.kuppuswamy@linux.intel.com, Josh Poimboeuf , Linux Kernel Mailing List References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-2-ak@linux.intel.com> <2b2dec75-a0c1-4013-ac49-a49f30d5ac3c@www.fastmail.com> <3159e1f4-77cd-e071-b6f2-a2bb83cfc69a@linux.intel.com> From: Andi Kleen Message-ID: <884f34e0-fcd2-bb82-9e9e-4269823fa9b2@linux.intel.com> Date: Thu, 3 Jun 2021 16:32:58 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > We do not need an increasing pile of kludges Do you mean disabling features is a kludge? If yes I disagree with that characterization. > to make TDX and SEV “secure”. We need the actual loaded driver to be secure. The virtio architecture is full of legacy nonsense, > and there is no good reason for SEV and TDX to be a giant special case. I don't know where you see a "giant special case". Except for the limited feature negotiation all the changes are common, and the disabling of features (which is not new BTW, but already done e.g. with forcing DMA API in some cases) can be of course used by all these other technologies too. But it just cannot be done by default for everything because it would break compatibility. So every technology with such requirements has to explicitly opt-in. > > As I said before, real PCIe (Thunderbolt/USB-C or anything else) has the exact same problem. The fact that TDX has encrypted memory is, at best, a poor proxy for the actual condition. The actual condition is that the host does not trust the device to implement the virtio protocol correctly. Right they can do similar limitations of feature sets. But again it cannot be default. > >> >> TDX and SEV use the arch hook to enforce DMA API, so that part is also >> solved. >> > Can you point me to the code you’re referring to? See 4/8 in this patch kit. It uses an existing hook which is already used in tree by s390. -Andi