From: "Daniel P. Berrangé" <berrange@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: pair@us.ibm.com, brijesh.singh@amd.com, frankja@linux.ibm.com,
kvm@vger.kernel.org, mst@redhat.com, cohuck@redhat.com,
david@redhat.com, qemu-devel@nongnu.org, dgilbert@redhat.com,
pasic@linux.ibm.com, qemu-s390x@nongnu.org, qemu-ppc@nongnu.org,
pbonzini@redhat.com, Richard Henderson <rth@twiddle.net>,
mdroth@linux.vnet.ibm.com, Eduardo Habkost <ehabkost@redhat.com>
Subject: Re: [PATCH v3 9/9] host trust limitation: Alter virtio default properties for protected guests
Date: Fri, 19 Jun 2020 11:12:45 +0100 [thread overview]
Message-ID: <20200619101245.GC700896@redhat.com> (raw)
In-Reply-To: <20200619020602.118306-10-david@gibson.dropbear.id.au>
On Fri, Jun 19, 2020 at 12:06:02PM +1000, David Gibson wrote:
> The default behaviour for virtio devices is not to use the platforms normal
> DMA paths, but instead to use the fact that it's running in a hypervisor
> to directly access guest memory. That doesn't work if the guest's memory
> is protected from hypervisor access, such as with AMD's SEV or POWER's PEF.
>
> So, if a host trust limitation mechanism is enabled, then apply the
> iommu_platform=on option so it will go through normal DMA mechanisms.
> Those will presumably have some way of marking memory as shared with the
> hypervisor or hardware so that DMA will work.
>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> hw/core/machine.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index a71792bc16..8dfc1bb3f8 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -28,6 +28,8 @@
> #include "hw/mem/nvdimm.h"
> #include "migration/vmstate.h"
> #include "exec/host-trust-limitation.h"
> +#include "hw/virtio/virtio.h"
> +#include "hw/virtio/virtio-pci.h"
>
> GlobalProperty hw_compat_5_0[] = {
> { "virtio-balloon-device", "page-poison", "false" },
> @@ -1165,6 +1167,15 @@ void machine_run_board_init(MachineState *machine)
> * areas.
> */
> machine_set_mem_merge(OBJECT(machine), false, &error_abort);
> +
> + /*
> + * Virtio devices can't count on directly accessing guest
> + * memory, so they need iommu_platform=on to use normal DMA
> + * mechanisms. That requires disabling legacy virtio support
> + * for virtio pci devices
> + */
> + object_register_sugar_prop(TYPE_VIRTIO_PCI, "disable-legacy", "on");
> + object_register_sugar_prop(TYPE_VIRTIO_DEVICE, "iommu_platform", "on");
> }
Silently changing the user's request configuration like this is a bad idea.
The "disable-legacy" option in particular is undesirable as that switches
the device to virtio-1.0 only mode, which exposes a different PCI ID to
the guest.
If some options are incompatible with encryption, then we should raise a
fatal error at startup, so applications/admins are aware that their requested
config is broken.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2020-06-19 10:14 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 2:05 [PATCH v3 0/9] Generalize memory encryption models David Gibson
2020-06-19 2:05 ` [PATCH v3 1/9] host trust limitation: Introduce new host trust limitation interface David Gibson
2020-06-26 11:01 ` Dr. David Alan Gilbert
2020-07-14 19:26 ` Richard Henderson
2020-06-19 2:05 ` [PATCH v3 2/9] host trust limitation: Handle memory encryption via interface David Gibson
2020-06-19 2:05 ` [PATCH v3 3/9] host trust limitation: Move side effect out of machine_set_memory_encryption() David Gibson
2020-06-19 2:05 ` [PATCH v3 4/9] host trust limitation: Rework the "memory-encryption" property David Gibson
2020-07-14 19:36 ` Richard Henderson
2020-06-19 2:05 ` [PATCH v3 5/9] host trust limitation: Decouple kvm_memcrypt_*() helpers from KVM David Gibson
2020-06-19 2:05 ` [PATCH v3 6/9] host trust limitation: Add Error ** to HostTrustLimitation::kvm_init David Gibson
2020-06-19 2:06 ` [PATCH v3 7/9] spapr: Add PEF based host trust limitation David Gibson
2020-06-19 2:06 ` [PATCH v3 8/9] spapr: PEF: block migration David Gibson
2020-06-26 10:33 ` Dr. David Alan Gilbert
2020-07-05 7:38 ` David Gibson
2020-06-19 2:06 ` [PATCH v3 9/9] host trust limitation: Alter virtio default properties for protected guests David Gibson
2020-06-19 10:12 ` Daniel P. Berrangé [this message]
2020-06-19 11:46 ` Michael S. Tsirkin
2020-06-19 11:47 ` Michael S. Tsirkin
2020-06-19 12:16 ` Daniel P. Berrangé
2020-06-19 20:04 ` Halil Pasic
2020-06-24 7:55 ` Michael S. Tsirkin
2020-06-25 4:57 ` David Gibson
2020-06-25 5:02 ` David Gibson
2020-06-19 14:45 ` David Gibson
2020-06-19 15:05 ` Daniel P. Berrangé
2020-06-20 8:24 ` David Gibson
2020-06-22 9:09 ` Daniel P. Berrangé
2020-06-25 5:06 ` David Gibson
2020-06-19 2:42 ` [PATCH v3 0/9] Generalize memory encryption models no-reply
2020-06-19 8:28 ` David Hildenbrand
2020-06-19 9:45 ` Cornelia Huck
2020-06-19 9:56 ` David Hildenbrand
2020-06-19 10:05 ` Cornelia Huck
2020-06-19 10:10 ` David Hildenbrand
2020-06-22 12:02 ` Cornelia Huck
2020-06-25 5:25 ` David Gibson
2020-06-25 7:06 ` David Hildenbrand
2020-06-26 4:42 ` David Gibson
2020-06-26 6:53 ` David Hildenbrand
2020-06-26 9:01 ` Janosch Frank
2020-06-26 9:32 ` Daniel P. Berrangé
2020-06-26 9:49 ` Janosch Frank
2020-06-26 10:29 ` Dr. David Alan Gilbert
2020-06-26 10:58 ` Daniel P. Berrangé
2020-06-26 12:49 ` Janosch Frank
2020-07-01 11:59 ` Halil Pasic
2020-06-19 9:48 ` David Gibson
2020-06-19 10:04 ` David Hildenbrand
2020-06-25 5:42 ` David Gibson
2020-06-25 6:59 ` David Hildenbrand
2020-06-25 9:49 ` Cornelia Huck
2020-06-22 14:27 ` Christian Borntraeger
2020-06-24 7:06 ` Cornelia Huck
2020-06-25 5:47 ` David Gibson
2020-06-25 5:48 ` David Gibson
2020-06-25 5:44 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200619101245.GC700896@redhat.com \
--to=berrange@redhat.com \
--cc=brijesh.singh@amd.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=david@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=mdroth@linux.vnet.ibm.com \
--cc=mst@redhat.com \
--cc=pair@us.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).