From: "Michael S. Tsirkin" <mst@redhat.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: Pierre Morel <pmorel@linux.ibm.com>,
linux-kernel@vger.kernel.org, pasic@linux.ibm.com,
borntraeger@de.ibm.com, frankja@linux.ibm.com,
jasowang@redhat.com, kvm@vger.kernel.org,
linux-s390@vger.kernel.org,
virtualization@lists.linux-foundation.org,
thomas.lendacky@amd.com, david@gibson.dropbear.id.au,
linuxram@us.ibm.com, heiko.carstens@de.ibm.com,
gor@linux.ibm.com
Subject: Re: [PATCH v4 2/2] s390: virtio: PV needs VIRTIO I/O device protection
Date: Tue, 7 Jul 2020 07:14:49 -0400 [thread overview]
Message-ID: <20200707060838-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20200707114633.68122a00.cohuck@redhat.com>
On Tue, Jul 07, 2020 at 11:46:33AM +0200, Cornelia Huck wrote:
> On Tue, 7 Jul 2020 10:44:37 +0200
> Pierre Morel <pmorel@linux.ibm.com> wrote:
>
> > S390, protecting the guest memory against unauthorized host access
> > needs to enforce VIRTIO I/O device protection through the use of
> > VIRTIO_F_VERSION_1 and VIRTIO_F_IOMMU_PLATFORM.
>
> Hm... what about:
>
> "If protected virtualization is active on s390, the virtio queues are
> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
> negotiated. Use the new arch_validate_virtio_features() interface to
> enforce this."
s/enforce this/fail probe if that's not the case, preventing a host error on access attempt/
> >
> > Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
> > ---
> > arch/s390/kernel/uv.c | 25 +++++++++++++++++++++++++
> > 1 file changed, 25 insertions(+)
> >
> > diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
> > index c296e5c8dbf9..106330f6eda1 100644
> > --- a/arch/s390/kernel/uv.c
> > +++ b/arch/s390/kernel/uv.c
> > @@ -14,6 +14,7 @@
> > #include <linux/memblock.h>
> > #include <linux/pagemap.h>
> > #include <linux/swap.h>
> > +#include <linux/virtio_config.h>
> > #include <asm/facility.h>
> > #include <asm/sections.h>
> > #include <asm/uv.h>
> > @@ -413,3 +414,27 @@ static int __init uv_info_init(void)
> > }
> > device_initcall(uv_info_init);
> > #endif
> > +
> > +/*
> > + * arch_validate_virtio_iommu_platform
>
> s/arch_validate_virtio_iommu_platform/arch_validate_virtio_features/
>
> > + * @dev: the VIRTIO device being added
> > + *
> > + * Return value: returns -ENODEV if any features of the
> > + * device breaks the protected virtualization
> > + * 0 otherwise.
>
> I don't think you need to specify the contract here: that belongs to
> the definition in the virtio core. What about simply adding a sentence
> "Return an error if required features are missing on a guest running
> with protected virtualization." ?
>
> > + */
> > +int arch_validate_virtio_features(struct virtio_device *dev)
> > +{
>
> Maybe jump out immediately if the guest is not protected?
>
> > + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
> > + dev_warn(&dev->dev, "device must provide VIRTIO_F_VERSION_1\n");
> > + return is_prot_virt_guest() ? -ENODEV : 0;
> > + }
> > +
> > + if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
> > + dev_warn(&dev->dev,
> > + "device must provide VIRTIO_F_IOMMU_PLATFORM\n");
> > + return is_prot_virt_guest() ? -ENODEV : 0;
> > + }
>
> if (!is_prot_virt_guest())
> return 0;
>
> if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
> dev_warn(&dev->dev,
> "legacy virtio is incompatible with protected guests");
> return -ENODEV;
> }
>
> if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
> dev_warn(&dev->dev,
> "device does not work with limited memory access in protected guests");
> return -ENODEV;
> }
>
> > +
> > + return 0;
> > +}
next prev parent reply other threads:[~2020-07-07 11:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-07 8:44 [PATCH v4 0/2] s390: virtio: let arch validate VIRTIO features Pierre Morel
2020-07-07 8:44 ` [PATCH v4 1/2] " Pierre Morel
2020-07-07 9:26 ` Cornelia Huck
2020-07-07 10:39 ` Pierre Morel
2020-07-07 11:09 ` Christian Borntraeger
2020-07-07 11:17 ` Pierre Morel
2020-07-07 8:44 ` [PATCH v4 2/2] s390: virtio: PV needs VIRTIO I/O device protection Pierre Morel
2020-07-07 9:46 ` Cornelia Huck
2020-07-07 10:38 ` Pierre Morel
2020-07-07 11:19 ` Halil Pasic
2020-07-07 11:14 ` Michael S. Tsirkin [this message]
2020-07-07 11:19 ` Pierre Morel
2020-07-07 11:12 ` Christian Borntraeger
2020-07-07 11:16 ` Pierre Morel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200707060838-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=jasowang@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=pmorel@linux.ibm.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).