* [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
@ 2020-08-06 14:23 ` Pierre Morel
0 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-06 14:23 UTC (permalink / raw)
To: linux-kernel
Cc: pasic, borntraeger, frankja, mst, jasowang, cohuck, kvm,
linux-s390, virtualization
Hi all,
In another series I proposed to add an architecture specific
callback to fail feature negociation on architecture need.
In VIRTIO, we already have an entry to reject the features on the
transport basis.
Transport is not architecture so I send a separate series in which
we fail the feature negociation inside virtio_ccw_finalize_features,
the virtio_config_ops.finalize_features for S390 CCW transport,
when the device do not propose the VIRTIO_F_IOMMU_PLATFORM.
This solves the problem of crashing QEMU when this one is not using
a CCW device with iommu_platform=on in S390.
Regards,
Pierre
Regards,
Pierre
Pierre Morel (1):
s390: virtio-ccw: PV needs VIRTIO I/O device protection
drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
@ 2020-08-06 14:23 ` Pierre Morel
0 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-06 14:23 UTC (permalink / raw)
To: linux-kernel
Cc: linux-s390, frankja, kvm, mst, cohuck, virtualization, pasic,
borntraeger
Hi all,
In another series I proposed to add an architecture specific
callback to fail feature negociation on architecture need.
In VIRTIO, we already have an entry to reject the features on the
transport basis.
Transport is not architecture so I send a separate series in which
we fail the feature negociation inside virtio_ccw_finalize_features,
the virtio_config_ops.finalize_features for S390 CCW transport,
when the device do not propose the VIRTIO_F_IOMMU_PLATFORM.
This solves the problem of crashing QEMU when this one is not using
a CCW device with iommu_platform=on in S390.
Regards,
Pierre
Regards,
Pierre
Pierre Morel (1):
s390: virtio-ccw: PV needs VIRTIO I/O device protection
drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
--
2.25.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v1 1/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
2020-08-06 14:23 ` Pierre Morel
@ 2020-08-06 14:23 ` Pierre Morel
-1 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-06 14:23 UTC (permalink / raw)
To: linux-kernel
Cc: pasic, borntraeger, frankja, mst, jasowang, cohuck, kvm,
linux-s390, virtualization
If protected virtualization is active on s390, the virtio queues are
not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
negotiated. Use ccw_transport_features() to fail feature negociation
and consequently probe if that's not the case, preventing a host
error on access attempt.
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
---
drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 5730572b52cd..cc8d8064c6c4 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -803,11 +803,23 @@ static u64 virtio_ccw_get_features(struct virtio_device *vdev)
return rc;
}
-static void ccw_transport_features(struct virtio_device *vdev)
+static int ccw_transport_features(struct virtio_device *vdev)
{
- /*
- * Currently nothing to do here.
- */
+ if (!is_prot_virt_guest())
+ return 0;
+
+ if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) {
+ dev_warn(&vdev->dev,
+ "device must provide VIRTIO_F_VERSION_1\n");
+ return -ENODEV;
+ }
+
+ if (!virtio_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
+ dev_warn(&vdev->dev,
+ "device must provide VIRTIO_F_IOMMU_PLATFORM\n");
+ return -ENODEV;
+ }
+ return 0;
}
static int virtio_ccw_finalize_features(struct virtio_device *vdev)
@@ -837,7 +849,9 @@ static int virtio_ccw_finalize_features(struct virtio_device *vdev)
vring_transport_features(vdev);
/* Give virtio_ccw a chance to accept features. */
- ccw_transport_features(vdev);
+ ret = ccw_transport_features(vdev);
+ if (ret)
+ goto out_free;
features->index = 0;
features->features = cpu_to_le32((u32)vdev->features);
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH v1 1/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
@ 2020-08-06 14:23 ` Pierre Morel
0 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-06 14:23 UTC (permalink / raw)
To: linux-kernel
Cc: linux-s390, frankja, kvm, mst, cohuck, virtualization, pasic,
borntraeger
If protected virtualization is active on s390, the virtio queues are
not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
negotiated. Use ccw_transport_features() to fail feature negociation
and consequently probe if that's not the case, preventing a host
error on access attempt.
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
---
drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 5730572b52cd..cc8d8064c6c4 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -803,11 +803,23 @@ static u64 virtio_ccw_get_features(struct virtio_device *vdev)
return rc;
}
-static void ccw_transport_features(struct virtio_device *vdev)
+static int ccw_transport_features(struct virtio_device *vdev)
{
- /*
- * Currently nothing to do here.
- */
+ if (!is_prot_virt_guest())
+ return 0;
+
+ if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) {
+ dev_warn(&vdev->dev,
+ "device must provide VIRTIO_F_VERSION_1\n");
+ return -ENODEV;
+ }
+
+ if (!virtio_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
+ dev_warn(&vdev->dev,
+ "device must provide VIRTIO_F_IOMMU_PLATFORM\n");
+ return -ENODEV;
+ }
+ return 0;
}
static int virtio_ccw_finalize_features(struct virtio_device *vdev)
@@ -837,7 +849,9 @@ static int virtio_ccw_finalize_features(struct virtio_device *vdev)
vring_transport_features(vdev);
/* Give virtio_ccw a chance to accept features. */
- ccw_transport_features(vdev);
+ ret = ccw_transport_features(vdev);
+ if (ret)
+ goto out_free;
features->index = 0;
features->features = cpu_to_le32((u32)vdev->features);
--
2.25.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
2020-08-06 14:23 ` Pierre Morel
@ 2020-08-06 15:47 ` Cornelia Huck
-1 siblings, 0 replies; 8+ messages in thread
From: Cornelia Huck @ 2020-08-06 15:47 UTC (permalink / raw)
To: Pierre Morel
Cc: linux-kernel, pasic, borntraeger, frankja, mst, jasowang, kvm,
linux-s390, virtualization
On Thu, 6 Aug 2020 16:23:01 +0200
Pierre Morel <pmorel@linux.ibm.com> wrote:
> Hi all,
>
> In another series I proposed to add an architecture specific
> callback to fail feature negociation on architecture need.
>
> In VIRTIO, we already have an entry to reject the features on the
> transport basis.
>
> Transport is not architecture so I send a separate series in which
> we fail the feature negociation inside virtio_ccw_finalize_features,
> the virtio_config_ops.finalize_features for S390 CCW transport,
> when the device do not propose the VIRTIO_F_IOMMU_PLATFORM.
>
> This solves the problem of crashing QEMU when this one is not using
> a CCW device with iommu_platform=on in S390.
This does work, and I'm tempted to queue this patch, but I'm wondering
whether we need to give up on a cross-architecture solution already
(especially keeping in mind that ccw is the only transport that is
really architecture-specific).
I know that we've gone through a few rounds already, and I'm not sure
whether we've been there already, but:
Could virtio_finalize_features() call an optional
arch_has_restricted_memory_access() function and do the enforcing of
IOMMU_PLATFORM? That would catch all transports, and things should work
once an architecture opts in. That direction also shouldn't be a
problem if virtio is a module.
>
> Regards,
> Pierre
>
> Regards,
> Pierre
>
> Pierre Morel (1):
> s390: virtio-ccw: PV needs VIRTIO I/O device protection
>
> drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
> 1 file changed, 19 insertions(+), 5 deletions(-)
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
@ 2020-08-06 15:47 ` Cornelia Huck
0 siblings, 0 replies; 8+ messages in thread
From: Cornelia Huck @ 2020-08-06 15:47 UTC (permalink / raw)
To: Pierre Morel
Cc: linux-s390, frankja, kvm, mst, linux-kernel, virtualization,
pasic, borntraeger
On Thu, 6 Aug 2020 16:23:01 +0200
Pierre Morel <pmorel@linux.ibm.com> wrote:
> Hi all,
>
> In another series I proposed to add an architecture specific
> callback to fail feature negociation on architecture need.
>
> In VIRTIO, we already have an entry to reject the features on the
> transport basis.
>
> Transport is not architecture so I send a separate series in which
> we fail the feature negociation inside virtio_ccw_finalize_features,
> the virtio_config_ops.finalize_features for S390 CCW transport,
> when the device do not propose the VIRTIO_F_IOMMU_PLATFORM.
>
> This solves the problem of crashing QEMU when this one is not using
> a CCW device with iommu_platform=on in S390.
This does work, and I'm tempted to queue this patch, but I'm wondering
whether we need to give up on a cross-architecture solution already
(especially keeping in mind that ccw is the only transport that is
really architecture-specific).
I know that we've gone through a few rounds already, and I'm not sure
whether we've been there already, but:
Could virtio_finalize_features() call an optional
arch_has_restricted_memory_access() function and do the enforcing of
IOMMU_PLATFORM? That would catch all transports, and things should work
once an architecture opts in. That direction also shouldn't be a
problem if virtio is a module.
>
> Regards,
> Pierre
>
> Regards,
> Pierre
>
> Pierre Morel (1):
> s390: virtio-ccw: PV needs VIRTIO I/O device protection
>
> drivers/s390/virtio/virtio_ccw.c | 24 +++++++++++++++++++-----
> 1 file changed, 19 insertions(+), 5 deletions(-)
>
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
2020-08-06 15:47 ` Cornelia Huck
@ 2020-08-07 14:25 ` Pierre Morel
-1 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-07 14:25 UTC (permalink / raw)
To: Cornelia Huck
Cc: linux-kernel, pasic, borntraeger, frankja, mst, jasowang, kvm,
linux-s390, virtualization
On 2020-08-06 17:47, Cornelia Huck wrote:
> On Thu, 6 Aug 2020 16:23:01 +0200
...
> This does work, and I'm tempted to queue this patch, but I'm wondering
> whether we need to give up on a cross-architecture solution already
> (especially keeping in mind that ccw is the only transport that is
> really architecture-specific).
>
> I know that we've gone through a few rounds already, and I'm not sure
> whether we've been there already, but:
>
> Could virtio_finalize_features() call an optional
> arch_has_restricted_memory_access() function and do the enforcing of
> IOMMU_PLATFORM? That would catch all transports, and things should work
> once an architecture opts in. That direction also shouldn't be a
> problem if virtio is a module.
Yes thanks, I rework it in this direction.
--
Pierre Morel
IBM Lab Boeblingen
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection
@ 2020-08-07 14:25 ` Pierre Morel
0 siblings, 0 replies; 8+ messages in thread
From: Pierre Morel @ 2020-08-07 14:25 UTC (permalink / raw)
To: Cornelia Huck
Cc: linux-s390, frankja, kvm, mst, linux-kernel, virtualization,
pasic, borntraeger
On 2020-08-06 17:47, Cornelia Huck wrote:
> On Thu, 6 Aug 2020 16:23:01 +0200
...
> This does work, and I'm tempted to queue this patch, but I'm wondering
> whether we need to give up on a cross-architecture solution already
> (especially keeping in mind that ccw is the only transport that is
> really architecture-specific).
>
> I know that we've gone through a few rounds already, and I'm not sure
> whether we've been there already, but:
>
> Could virtio_finalize_features() call an optional
> arch_has_restricted_memory_access() function and do the enforcing of
> IOMMU_PLATFORM? That would catch all transports, and things should work
> once an architecture opts in. That direction also shouldn't be a
> problem if virtio is a module.
Yes thanks, I rework it in this direction.
--
Pierre Morel
IBM Lab Boeblingen
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-08-07 14:26 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-06 14:23 [PATCH v1 0/1] s390: virtio-ccw: PV needs VIRTIO I/O device protection Pierre Morel
2020-08-06 14:23 ` Pierre Morel
2020-08-06 14:23 ` [PATCH v1 1/1] " Pierre Morel
2020-08-06 14:23 ` Pierre Morel
2020-08-06 15:47 ` [PATCH v1 0/1] " Cornelia Huck
2020-08-06 15:47 ` Cornelia Huck
2020-08-07 14:25 ` Pierre Morel
2020-08-07 14:25 ` Pierre Morel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.