From: Halil Pasic <pasic@linux.ibm.com>
To: Jason Wang <jasowang@redhat.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Marc Zyngier <maz@kernel.org>, Cornelia Huck <cohuck@redhat.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
virtualization <virtualization@lists.linux-foundation.org>,
Halil Pasic <pasic@linux.ibm.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH V2 4/5] virtio-pci: implement synchronize_vqs()
Date: Tue, 12 Apr 2022 09:55:19 +0200
Message-ID: <20220412095519.245cf9f7.pasic@linux.ibm.com>
In-Reply-To: <CACGkMEvDSv+sZwLYqqfP-jzDzonmon+CxeSXkvyd6F-CbfV3tQ@mail.gmail.com>

On Tue, 12 Apr 2022 10:24:35 +0800
Jason Wang <jasowang@redhat.com> wrote:
> > Regarding the question "are we safe against notifications before
> > indicators have been registered" I think we really need to think about
> > something like Secure Execution. We don't have, and we are unlikely
> > to have in hardware virtio-ccw implementations, and for a malicious hypervisor
> > that has full access to the guest memory hardening makes no sense.
>
> Does s390 have something like memory encryption? (I guess yes). In the
> case of x86 VM encryption, the I/O buffers were now done via software
> IOTLB, that's why hardening of the virtio driver is needed to prevent
> the hypervisor to poke the swiotlb etc.

Yep! Secure Execution is a confidential computing solution which is much
like encrypted guest memory, except that one gets exceptions when trying
to access private memory instead of ending up with garbage because of
the encryption. These improvements are IMHO relevant to us!

Regards,
Halil