Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range()

[PATCH v5 00/16] Add TDX Guest Support (shared-mm support) · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 01/16] x86/mm: Move force_dma_unencrypted() to common code · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 01/16] x86/mm: Move force_dma_unencrypted() to common code · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
Re: [PATCH v5 01/16] x86/mm: Move force_dma_unencrypted() to common code · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-20
[PATCH v5 02/16] x86/tdx: Get TD execution environment information via TDINFO · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 03/16] x86/tdx: Exclude Shared bit from physical_mask · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 03/16] x86/tdx: Exclude Shared bit from physical_mask · Sean Christopherson <seanjc@google.com> · 2021-11-05
Re: [PATCH v5 03/16] x86/tdx: Exclude Shared bit from physical_mask · Kirill A. Shutemov <hidden> · 2021-11-08
[PATCH v5 04/16] x86/tdx: Make pages shared in ioremap() · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 04/16] x86/tdx: Make pages shared in ioremap() · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
Re: [PATCH v5 04/16] x86/tdx: Make pages shared in ioremap() · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-20
[PATCH v5 05/16] x86/tdx: Add helper to do MapGPA hypercall · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 06/16] x86/tdx: Make DMA pages shared · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 06/16] x86/tdx: Make DMA pages shared · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
Re: [PATCH v5 06/16] x86/tdx: Make DMA pages shared · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-20
Re: [PATCH v5 06/16] x86/tdx: Make DMA pages shared · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
Re: [PATCH v5 06/16] x86/tdx: Make DMA pages shared · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-20
[PATCH v5 08/16] x86/tdx: ioapic: Add shared bit for IOAPIC base address · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 09/16] x86/tdx: Enable shared memory confidential guest flags for TDX guest · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 07/16] x86/kvm: Use bounce buffers for TD guest · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 07/16] x86/kvm: Use bounce buffers for TD guest · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
Re: [PATCH v5 07/16] x86/kvm: Use bounce buffers for TD guest · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-20
Re: [PATCH v5 07/16] x86/kvm: Use bounce buffers for TD guest · Tom Lendacky <thomas.lendacky@amd.com> · 2021-10-20
[PATCH v5 10/16] PCI: Consolidate pci_iomap_range(), pci_iomap_wc_range() · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 11/16] asm/io.h: Add ioremap_host_shared fallback · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-09
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Dan Williams <hidden> · 2021-10-09
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-10
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Dan Williams <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Dan Williams <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Dan Williams <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Greg KH <gregkh@linuxfoundation.org> · 2021-10-18
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Dan Williams <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-12
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-14
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-14
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-14
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-14
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-14
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-17
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-14
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Thomas Gleixner <hidden> · 2021-10-17
RE: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Reshetova, Elena" <elena.reshetova@intel.com> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Thomas Gleixner <hidden> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Thomas Gleixner <hidden> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Greg KH <gregkh@linuxfoundation.org> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-10
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Greg KH <gregkh@linuxfoundation.org> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-18
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Christoph Hellwig <hch@infradead.org> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-11
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Christoph Hellwig <hch@infradead.org> · 2021-10-12
Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range() · Andi Kleen <hidden> · 2021-10-12
[PATCH v5 13/16] PCI: Mark MSI data shared · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 14/16] virtio: Use shared mappings for virtio PCI devices · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 15/16] x86/tdx: Implement ioremap_host_shared for x86 · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Randy Dunlap <hidden> · 2021-10-09
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-09
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-09
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Andi Kleen <hidden> · 2021-10-11
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-11
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Andi Kleen <hidden> · 2021-10-11
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-11
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-12
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Andi Kleen <hidden> · 2021-10-12
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-12
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · Andi Kleen <hidden> · 2021-10-15
Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-15

From: Dan Williams <hidden>
Date: 2021-10-09 20:40:14
Also in: linux-arch, linux-doc, linux-mips, linux-pci, lkml, sparclinux, virtualization

On Sat, Oct 9, 2021 at 2:53 AM Michael S. Tsirkin [off-list ref] wrote:

On Fri, Oct 08, 2021 at 05:37:07PM -0700, Kuppuswamy Sathyanarayanan wrote:

quoted

From: Andi Kleen <redacted>

For Confidential VM guests like TDX, the host is untrusted and hence
the devices emulated by the host or any data coming from the host
cannot be trusted. So the drivers that interact with the outside world
have to be hardened by sharing memory with host on need basis
with proper hardening fixes.

For the PCI driver case, to share the memory with the host add
pci_iomap_host_shared() and pci_iomap_host_shared_range() APIs.

Signed-off-by: Andi Kleen <redacted>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

So I proposed to make all pci mappings shared, eliminating the need
to patch drivers.

To which Andi replied
        One problem with removing the ioremap opt-in is that
        it's still possible for drivers to get at devices without going through probe.

To which Greg replied:
https://lore.kernel.org/all/YVXBNJ431YIWwZdQ@kroah.com/ (local)
        If there are in-kernel PCI drivers that do not do this, they need to be
        fixed today.

Can you guys resolve the differences here?

I agree with you and Greg here. If a driver is accessing hardware
resources outside of the bind lifetime of one of the devices it
supports, and in a way that neither modrobe-policy nor
device-authorization -policy infrastructure can block, that sounds
like a bug report. Fix those drivers instead of sprinkling
ioremap_shared in select places and with unclear rules about when a
driver is allowed to do "shared" mappings. Let the new
device-authorization mechanism (with policy in userspace) be the
central place where all of these driver "trust" issues are managed.

And once they are resolved, mention this in the commit log so
I don't get to re-read the series just to find out nothing
changed in this respect?

I frankly do not believe we are anywhere near being able to harden
an arbitrary kernel config against attack.
How about creating a defconfig that makes sense for TDX then?
Anyone deviating from that better know what they are doing,
this API tweaking is just putting policy into the kernel  ...

Right, userspace authorization policy and select driver fixups seems
to be the answer to the raised concerns.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help