Thread (1 message) 1 message, 1 author, 2021-08-24

Re: [PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2021-08-24 09:12:17
Also in: linux-alpha, linux-arch, linux-doc, linux-mips, linux-pci, lkml, sparclinux

On Mon, Aug 23, 2021 at 05:30:54PM -0700, Kuppuswamy, Sathyanarayanan wrote:

On 8/23/21 4:56 PM, Michael S. Tsirkin wrote:
quoted
quoted
Add a new variant of pci_iomap for mapping all PCI resources
of a devices as shared memory with a hypervisor in a confidential
guest.

Signed-off-by: Andi Kleen<redacted>
Signed-off-by: Kuppuswamy Sathyanarayanan<sathyanarayanan.kuppuswamy@linux.intel.com>
I'm a bit puzzled by this part. So why should the guest*not*  map
pci memory as shared? And if the answer is never (as it seems to be)
then why not just make regular pci_iomap DTRT?
It is in the context of confidential guest (where VMM is un-trusted). So
we don't want to make all PCI resource as shared. It should be allowed
only for hardened drivers/devices.
I can't say this answers the question at all. PCI devices are part of
the VMM and so un-trusted. In particular PCI devices do not have
the key to decrypt memory. Therefore as far as I can see PCI resources
should not be encrypted.  I conclude they all should be marked
shared.

If I'm wrong can you please give an example of a PCI resource
that is encrypted?

-- 
MST

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help