From: Marc Zyngier <maz@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Alexander Gordeev <agordeev@linux.ibm.com>,
Alex Williamson <alex.williamson@redhat.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Cornelia Huck <cohuck@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Gerald Schaefer <gerald.schaefer@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
iommu@lists.linux.dev, Joerg Roedel <joro@8bytes.org>,
Kevin Tian <kevin.tian@intel.com>,
kvm@vger.kernel.org, linux-s390@vger.kernel.org,
Robin Murphy <robin.murphy@arm.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Sven Schnelle <svens@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>,
Will Deacon <will@kernel.org>,
Bharat Bhushan <bharat.bhushan@nxp.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Eric Auger <eric.auger@redhat.com>,
Eric Farman <farman@linux.ibm.com>,
Marc Zyngier <marc.zyngier@arm.com>,
Matthew Rosato <mjrosato@linux.ibm.com>,
Tomasz Nowicki <tomasz.nowicki@caviumnetworks.com>,
Will Deacon <will.deacon@arm.com>
Subject: Re: [PATCH iommufd 1/9] irq: Add msi_device_has_secure_msi()
Date: Fri, 09 Dec 2022 13:59:35 +0000 [thread overview]
Message-ID: <86bkocr83c.wl-maz@kernel.org> (raw)
In-Reply-To: <1-v1-9e466539c244+47b5-secure_msi_jgg@nvidia.com>
On Thu, 08 Dec 2022 20:26:28 +0000,
Jason Gunthorpe <jgg@nvidia.com> wrote:
>
> This will replace irq_domain_check_msi_remap() in following patches.
>
> The new API makes it more clear what "msi_remap" actually means from a
> functional perspective instead of identifying an implementation specific
> HW feature.
>
> Secure MSI means that an irq_domain on the path from the initiating device
irq_domain is a SW construct, and you are trying to validate something
that is HW property.
"Secure" is also a terribly overloaded term that means very different
things in non-x86 circles. When I read this, I see an ARM system with
a device generating an MSI with the "secure" bit set as part of the
transaction and identifying the memory access as being part of the
"secure" domain.
But that's not what you mean at all.
> to the CPU will validate that the MSI message specifies an interrupt
> number that the initiating device is authorized to trigger. Secure MSI
> must block devices from triggering interrupts they are not authorized to
> trigger. Currently authorization means the MSI vector is one assigned to
> the device.
What you are describing here is a *device isolation* property, and I'd
rather we stay away from calling that "secure". If anything, I'd
rather call everything else "broken".
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2022-12-09 13:59 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-08 20:26 [PATCH iommufd 0/9] Remove IOMMU_CAP_INTR_REMAP Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 1/9] irq: Add msi_device_has_secure_msi() Jason Gunthorpe
2022-12-09 13:59 ` Marc Zyngier [this message]
2022-12-09 14:10 ` Jason Gunthorpe
2022-12-09 14:18 ` Marc Zyngier
2022-12-08 20:26 ` [PATCH iommufd 2/9] vfio/type1: Check that every device supports IOMMU_CAP_INTR_REMAP Jason Gunthorpe
2022-12-08 21:48 ` Alex Williamson
2022-12-09 0:44 ` Jason Gunthorpe
2022-12-09 10:24 ` Robin Murphy
2022-12-08 20:26 ` [PATCH iommufd 3/9] vfio/type1: Convert to msi_device_has_secure_msi() Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 4/9] iommufd: " Jason Gunthorpe
2022-12-09 6:01 ` Tian, Kevin
2022-12-09 14:47 ` Jason Gunthorpe
2022-12-09 16:44 ` Robin Murphy
2022-12-09 17:38 ` Jason Gunthorpe
2022-12-12 15:17 ` Thomas Gleixner
2022-12-12 15:47 ` Jason Gunthorpe
2022-12-12 16:25 ` Thomas Gleixner
2022-12-08 20:26 ` [PATCH iommufd 5/9] irq: Remove unused irq_domain_check_msi_remap() code Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 6/9] irq: Rename MSI_REMAP to SECURE_MSI Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 7/9] iommu/x86: Replace IOMMU_CAP_INTR_REMAP with IRQ_DOMAIN_FLAG_SECURE_MSI Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 8/9] irq/s390: Add arch_is_secure_msi() for s390 Jason Gunthorpe
2022-12-08 20:26 ` [PATCH iommufd 9/9] iommu: Remove IOMMU_CAP_INTR_REMAP Jason Gunthorpe
2022-12-08 23:37 ` [PATCH iommufd 0/9] " Matthew Rosato
2022-12-09 0:42 ` Jason Gunthorpe
2022-12-09 5:54 ` Tian, Kevin
2022-12-09 14:38 ` Jason Gunthorpe
2022-12-09 15:21 ` Jason Gunthorpe
2022-12-09 19:57 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86bkocr83c.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=agordeev@linux.ibm.com \
--cc=alex.williamson@redhat.com \
--cc=baolu.lu@linux.intel.com \
--cc=bharat.bhushan@nxp.com \
--cc=borntraeger@de.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=dwmw2@infradead.org \
--cc=eric.auger@redhat.com \
--cc=farman@linux.ibm.com \
--cc=gerald.schaefer@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=marc.zyngier@arm.com \
--cc=mjrosato@linux.ibm.com \
--cc=robin.murphy@arm.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tomasz.nowicki@caviumnetworks.com \
--cc=will.deacon@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox