Thread (55 messages) 55 messages, 7 authors, 2021-09-27

Re: [PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2021-08-24 09:12:17
Also in: linux-arch, linux-doc, linux-mips, linux-pci, lkml, sparclinux, virtualization

On Mon, Aug 23, 2021 at 05:30:54PM -0700, Kuppuswamy, Sathyanarayanan wrote:

On 8/23/21 4:56 PM, Michael S. Tsirkin wrote:
quoted
quoted
Add a new variant of pci_iomap for mapping all PCI resources
of a devices as shared memory with a hypervisor in a confidential
guest.

Signed-off-by: Andi Kleen<redacted>
Signed-off-by: Kuppuswamy Sathyanarayanan<sathyanarayanan.kuppuswamy@linux.intel.com>
I'm a bit puzzled by this part. So why should the guest*not*  map
pci memory as shared? And if the answer is never (as it seems to be)
then why not just make regular pci_iomap DTRT?
It is in the context of confidential guest (where VMM is un-trusted). So
we don't want to make all PCI resource as shared. It should be allowed
only for hardened drivers/devices.
I can't say this answers the question at all. PCI devices are part of
the VMM and so un-trusted. In particular PCI devices do not have
the key to decrypt memory. Therefore as far as I can see PCI resources
should not be encrypted.  I conclude they all should be marked
shared.

If I'm wrong can you please give an example of a PCI resource
that is encrypted?

-- 
MST
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help