RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map... | netdev

[PATCH v5 00/14] Add PCI pass-thru support to Hyper-V Confidential VMs · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 01/14] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 03/14] Drivers: hv: Explicitly request decrypted in vmap_pfn() calls · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 02/14] x86/hyperv: Reorder code to facilitate future work · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 05/14] init: Call mem_encrypt_init() after Hyper-V hypercall init is done · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley <hidden> · 2023-01-12
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-01-20
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-01-21
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-01-25
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-02
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-07
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-07
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-07
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-07
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-07
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-07
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-08
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-08
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-08
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-10
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-10
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-10
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-14
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-16
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-16
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-16
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-17
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-17
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-22
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-22
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-22
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-22
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-02-23
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-03-06
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · David Woodhouse <dwmw2@infradead.org> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · David Woodhouse <dwmw2@infradead.org> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Tom Lendacky <thomas.lendacky@amd.com> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Jörg Rödel <joro@8bytes.org> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · David Woodhouse <dwmw2@infradead.org> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Borislav Petkov <bp@alien8.de> · 2023-03-09
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · David Woodhouse <dwmw2@infradead.org> · 2023-03-10
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-23
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Sean Christopherson <seanjc@google.com> · 2023-02-23
RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Michael Kelley (LINUX) <hidden> · 2023-02-23
Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted · Dave Hansen <hidden> · 2023-02-23
[PATCH v5 08/14] swiotlb: Remove bounce buffer remapping for Hyper-V · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 07/14] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 09/14] Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 04/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 10/14] Drivers: hv: vmbus: Remove second way of mapping ring buffers · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 11/14] hv_netvsc: Remove second mapping of send and recv buffers · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 12/14] Drivers: hv: Don't remap addresses that are above shared_gpa_boundary · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 13/14] PCI: hv: Add hypercalls to read/write MMIO space · Michael Kelley <hidden> · 2023-01-12
[PATCH v5 14/14] PCI: hv: Enable PCI pass-thru devices in Confidential VMs · Michael Kelley <hidden> · 2023-01-12

RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted

From: Michael Kelley (LINUX) <hidden>
Date: 2023-02-10 19:15:50
Also in: linux-arch, linux-hyperv, linux-iommu, linux-pci, lkml

From: Borislav Petkov <bp@alien8.de> Sent: Friday, February 10, 2023 11:04 AM

On Fri, Feb 10, 2023 at 06:41:54PM +0000, Sean Christopherson wrote:

quoted

Anyways, tying things back to the actual code being discussed, I vote against
CC_ATTR_PARAVISOR.  Being able to trust device emulation is not unique to a
paravisor.  A single flag also makes too many assumptions about what is trusted
and thus should be accessed encrypted.

I'm not crazy about the alternative either: one flag per access type:
IO APIC, vTPM, and soon.

FWIW, I don't think the list of devices to be accessed encrypted is likely
to grow significantly.  Is one or two more possible?  Perhaps.  Does it
become a list of ten?  I doubt it.

One approach is to go with the individual device attributes for now.
If the list does grow significantly, there will probably be patterns
or groupings that we can't discern now.  We could restructure into
larger buckets at that point based on those patterns/groupings.

Michael

Soon this will become an unmaintainable zoo of different guest types
people want the kernel to support. I don't think I want that madness in
kernel proper.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help