From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E826542BE2 for ; Thu, 5 Oct 2023 20:34:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YxLYOc8G" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2C61C433C8; Thu, 5 Oct 2023 20:34:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1696538084; bh=32IWGcl/GhLZ3tegbGVzkBqng/XbsFXjV2W9sDN1IaY=; h=Date:From:To:Cc:Subject:In-Reply-To:From; b=YxLYOc8GFP90I4Qy7piJ2uW3Mydkjmt+GKzOfIJP1dMkj9hSr6to2W9muxd7RukI/ wdHdVqAG61HQqdffBx/9Oz3g4NJDpzaLH63to74WjxZLPEOfo5HrLH3nYB2DviFL49 n7JcH3a9NerZVzzBZCNX2LtR/kMHhAzwXqwcmw3QFC39pNzy07rp7NlhuwT9cUQ0iZ U1UhM3GGv+Oh1hCmfMrIDCK3dvC4nEz3iT5cxpulGSRle9wzR0q/yTMnSQUWi8LQLS YYLQe2P3wp5k482GvCK6BW7PqkWC5nMaBdMVm9EVXC9PGyD+IRRpTiSiWVUlaQKQjZ XEy4QwveN7JyQ== Date: Thu, 5 Oct 2023 15:34:42 -0500 From: Bjorn Helgaas To: Lukas Wunner Cc: Jonathan Cameron , David Howells , David Woodhouse , Herbert Xu , "David S. Miller" , Alex Williamson , linux-pci@vger.kernel.org, linux-cxl@vger.kernel.org, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linuxarm@huawei.com, David Box , Dan Williams , Dave Jiang , "Li, Ming" , Zhi Wang , Alistair Francis , Wilfred Mallawa , Alexey Kardashevskiy , Tom Lendacky , Sean Christopherson , Alexander Graf Subject: Re: [PATCH 12/12] PCI/CMA: Grant guests exclusive control of authentication Message-ID: <20231005203442.GA790578@bhelgaas> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231003193058.GA16417@wunner.de> On Tue, Oct 03, 2023 at 09:30:58PM +0200, Lukas Wunner wrote: > On Tue, Oct 03, 2023 at 04:40:48PM +0100, Jonathan Cameron wrote: > > On Thu, 28 Sep 2023 19:32:42 +0200 Lukas Wunner wrote: > > > At any given time, only a single entity in a physical system may have > > > an SPDM connection to a device. That's because the GET_VERSION request > > > (which begins an authentication sequence) resets "the connection and all > > > context associated with that connection" (SPDM 1.3.0 margin no 158). > > > > > > Thus, when a device is passed through to a guest and the guest has > > > authenticated it, a subsequent authentication by the host would reset > > > the device's CMA-SPDM session behind the guest's back. > > > > > > Prevent by letting the guest claim exclusive CMA ownership of the device > > > during passthrough. Refuse CMA reauthentication on the host as long. > > > After passthrough has concluded, reauthenticate the device on the host. > Could you (as an English native speaker) comment on the clarity of the > two sentences "Prevent ... as long." above, as Ilpo objected to them? > > The antecedent of "Prevent" is the undesirable behaviour in the preceding > sentence (host resets guest's SPDM connection). I think this means "prevent a reauthentication by the host behind the guest's back" (which seems to match the first diff hunk), but I agree it would be helpful to make the connection clearer, e.g., When passing a device through to a guest, mark it as "CMA owned exclusively by the guest" for the duration of the passthrough to prevent the host from reauthenticating and resetting the device's CMA-SPDM session. > The antecedent of "as long" is "during passthrough" in the preceding > sentence. "as long" definitely needs something to connect it with the passthrough. Bjorn