virtualization.lists.linux-foundation.org archive mirror
From: Halil Pasic <pasic@linux.ibm.com>
To: Pierre Morel <pmorel@linux.ibm.com>
Cc: gor@linux.ibm.com, linux-s390@vger.kernel.org,
	frankja@linux.ibm.com, kvm@vger.kernel.org, mst@redhat.com,
	cohuck@redhat.com, linuxram@us.ibm.com,
	linux-kernel@vger.kernel.org,
	virtualization@lists.linux-foundation.org,
	borntraeger@de.ibm.com, thomas.lendacky@amd.com,
	hca@linux.ibm.com, david@gibson.dropbear.id.au
Subject: Re: [PATCH v11 2/2] s390: virtio: PV needs VIRTIO I/O device protection
Date: Tue, 8 Sep 2020 00:37:14 +0200
Message-ID: <20200908003714.6233107d.pasic@linux.ibm.com>
In-Reply-To: <1599471547-28631-3-git-send-email-pmorel@linux.ibm.com>

On Mon,  7 Sep 2020 11:39:07 +0200
Pierre Morel <pmorel@linux.ibm.com> wrote:

> If protected virtualization is active on s390, VIRTIO has only restricted
> access to the guest memory.
> Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export
> arch_has_restricted_virtio_memory_access to advertise VIRTIO if that's
> the case, preventing a host error on access attempt.

The description is a little inaccurate, but I don't care, hence the r-b.

The function arch_has_restricted_virtio_memory_access() returning true
cannot prevent the host from attempting to access memory if it decides
to do so. And as far as I know there was no host error on access attempt.
The page gets exported, and the host will operate on the encrypted
page. But in the end we do run into trouble, which is usually fatal for
the guest (not the host).

What we actually do here is the following. If we detect
an ill-configured device we fail it (device status field), because
attempting to drive it is a recipe for disaster.

> 
> Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
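
Added example, not part of the original message or of the patch: a userspace C model of the guest-side behaviour described in the reply, where the guest marks an ill-configured device FAILED instead of driving it. The names `model_dev`, `pv_guest_active` and `model_finalize_features` are hypothetical, and the rule that a restricted guest requires both VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM is an assumption not stated on this page.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Feature bit numbers and status values from the VIRTIO specification. */
#define VIRTIO_F_VERSION_1          32
#define VIRTIO_F_ACCESS_PLATFORM    33
#define VIRTIO_CONFIG_S_FEATURES_OK 0x08
#define VIRTIO_CONFIG_S_FAILED      0x80

/* Hypothetical userspace stand-in for a virtio device as the guest sees it. */
struct model_dev {
    uint64_t features; /* feature bits offered by the host */
    uint8_t  status;   /* device status field */
};

/* Stand-in for the arch hook; true models a protected (PV) guest. */
static bool pv_guest_active;
static bool arch_has_restricted_virtio_memory_access(void) { return pv_guest_active; }

static bool has_feature(const struct model_dev *d, unsigned int bit)
{
    return (d->features & (1ULL << bit)) != 0;
}

/* Guest-side check only: it cannot stop the host from touching guest
 * memory; it stops the guest from driving a misconfigured device. */
static int model_finalize_features(struct model_dev *d)
{
    if (arch_has_restricted_virtio_memory_access() &&
        (!has_feature(d, VIRTIO_F_VERSION_1) ||
         !has_feature(d, VIRTIO_F_ACCESS_PLATFORM))) {
        d->status |= VIRTIO_CONFIG_S_FAILED; /* fail the device */
        return -ENODEV;
    }
    d->status |= VIRTIO_CONFIG_S_FEATURES_OK;
    return 0;
}

int main(void)
{
    /* Constructed sample: host offers VERSION_1 but not ACCESS_PLATFORM. */
    struct model_dev bad = { .features = 1ULL << VIRTIO_F_VERSION_1, .status = 0 };
    pv_guest_active = true;
    int rc = model_finalize_features(&bad);
    printf("rc=%d status=0x%02x\n", rc, bad.status);
    return 0;
}
```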