* [PATCH v2 0/2] kernel: add new infrastructure for platform_has() support
@ 2022-04-27 15:33 ` Juergen Gross via Virtualization
  0 siblings, 0 replies; 11+ messages in thread
From: Juergen Gross @ 2022-04-27 15:33 UTC (permalink / raw)
  To: linux-kernel, linux-arch, x86, linux-s390, linux-hyperv, virtualization
  Cc: Juergen Gross, Arnd Bergmann, Heiko Carstens, Vasily Gorbik,
	Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
	Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	H. Peter Anvin, K. Y. Srinivasan, Haiyang Zhang,
	Stephen Hemminger, Wei Liu, Dexuan Cui, Andy Lutomirski,
	Peter Zijlstra, Michael S. Tsirkin, Jason Wang,
	Christoph Hellwig, Oleksandr Tyshchenko

In another patch series [1] the need has come up to have support for
a generic feature flag infrastructure.

This patch series introduces that infrastructure and adds the first
use case.

I have decided to use an interface similar to the already known x86
cpu_has() function. As the new infrastructure is meant to be usable for
general and arch-specific feature flags, the flags are being spread
between a general bitmap and an arch-specific one.

The bitmaps start out all zero; single features can be set or reset
at any time by using the related platform_[re]set_feature() functions.

The platform_has() function is using a simple test_bit() call for now;
further optimization might be added when needed.

[1]: https://lore.kernel.org/lkml/1650646263-22047-1-git-send-email-olekstysh@gmail.com/T/#t

Juergen Gross (2):
  kernel: add platform_has() infrastructure
  virtio: replace arch_has_restricted_virtio_memory_access()

 MAINTAINERS                            |  8 ++++++++
 arch/s390/Kconfig                      |  1 -
 arch/s390/mm/init.c                    | 13 +++----------
 arch/x86/Kconfig                       |  1 -
 arch/x86/kernel/cpu/mshyperv.c         |  5 ++++-
 arch/x86/mm/mem_encrypt.c              |  6 ------
 arch/x86/mm/mem_encrypt_amd.c          |  4 ++++
 drivers/virtio/Kconfig                 |  6 ------
 drivers/virtio/virtio.c                |  5 ++---
 include/asm-generic/Kbuild             |  1 +
 include/asm-generic/platform-feature.h |  8 ++++++++
 include/linux/platform-feature.h       | 16 +++++++++++++++
 include/linux/virtio_config.h          |  9 ---------
 kernel/Makefile                        |  2 +-
 kernel/platform-feature.c              | 27 ++++++++++++++++++++++++++
 15 files changed, 74 insertions(+), 38 deletions(-)
 create mode 100644 include/asm-generic/platform-feature.h
 create mode 100644 include/linux/platform-feature.h
 create mode 100644 kernel/platform-feature.c

-- 
2.34.1
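
A userspace model of the flag layout this series uses (arch-specific indices first, general flags after, one zero-initialised bitmap), added here as an illustration and not part of the posted patches. The `model_*`, `MODEL_*` and `ARCH_FEAT_*` names, the two arch flags and the range check are assumptions of this example; the posted functions call the kernel's atomic bitops directly.

```c
/*
 * Userspace model of the platform feature bitmap (illustration only, not
 * kernel code). All model_* / MODEL_* / ARCH_FEAT_* names are hypothetical.
 */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG    (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)

/* Assumption: an architecture that defines two flags of its own. */
enum { ARCH_FEAT_A, ARCH_FEAT_B, MODEL_ARCH_FEAT_N };

/*
 * General flags are numbered after the arch-specific ones. The last
 * enumerator is the total count, so it cannot drift from the flag list.
 */
enum {
	MODEL_VIRTIO_RESTRICTED_MEM_ACCESS = MODEL_ARCH_FEAT_N,
	MODEL_FEAT_N
};

/* Starts out all zero, like the bitmap in the series. */
static unsigned long model_features[BITS_TO_LONGS(MODEL_FEAT_N)];

/* Number of longs needed to hold nflags bits; zero flags need zero longs. */
size_t model_words_for(size_t nflags)
{
	return BITS_TO_LONGS(nflags);
}

static bool model_valid(unsigned int feature)
{
	return feature < (unsigned int)MODEL_FEAT_N;
}

/*
 * Non-atomic stand-ins for set_bit()/clear_bit()/test_bit(). Each one
 * rejects an index outside the bitmap instead of touching other memory.
 */
bool model_set(unsigned int feature)
{
	if (!model_valid(feature))
		return false;
	model_features[feature / BITS_PER_LONG] |= 1UL << (feature % BITS_PER_LONG);
	return true;
}

bool model_clear(unsigned int feature)
{
	if (!model_valid(feature))
		return false;
	model_features[feature / BITS_PER_LONG] &= ~(1UL << (feature % BITS_PER_LONG));
	return true;
}

bool model_has(unsigned int feature)
{
	if (!model_valid(feature))
		return false;
	return (model_features[feature / BITS_PER_LONG] >> (feature % BITS_PER_LONG)) & 1UL;
}

int main(void)
{
	/* Early platform setup code sets the flag once it detects the guest type. */
	model_set(MODEL_VIRTIO_RESTRICTED_MEM_ACCESS);

	printf("restricted virtio access: %d\n",
	       model_has(MODEL_VIRTIO_RESTRICTED_MEM_ACCESS));
	printf("arch flag A:              %d\n", model_has(ARCH_FEAT_A));
	printf("out-of-range set allowed: %d\n", model_set(MODEL_FEAT_N));
	printf("longs for 0 flags:        %zu\n", model_words_for(0));
	return 0;
}
```
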


* [PATCH v2 1/2] kernel: add platform_has() infrastructure
  2022-04-27 15:33 ` Juergen Gross via Virtualization
@ 2022-04-27 15:33   ` Juergen Gross via Virtualization
  -1 siblings, 0 replies; 11+ messages in thread
From: Juergen Gross @ 2022-04-27 15:33 UTC (permalink / raw)
  To: linux-kernel, linux-arch, x86, linux-s390, linux-hyperv, virtualization
  Cc: Juergen Gross, Arnd Bergmann, Heiko Carstens, Vasily Gorbik,
	Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
	Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	H. Peter Anvin, K. Y. Srinivasan, Haiyang Zhang,
	Stephen Hemminger, Wei Liu, Dexuan Cui, Andy Lutomirski,
	Peter Zijlstra, Michael S. Tsirkin, Jason Wang,
	Christoph Hellwig, Oleksandr Tyshchenko

Add a simple infrastructure for setting, resetting and querying
platform feature flags.

Flags can be either global or architecture specific.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- rename set/reset functions to platform_[set|clear]() (Boris Petkov,
  Heiko Carstens)
- move function implementations to c file (Boris Petkov)
---
 MAINTAINERS                            |  8 ++++++++
 include/asm-generic/Kbuild             |  1 +
 include/asm-generic/platform-feature.h |  8 ++++++++
 include/linux/platform-feature.h       | 15 ++++++++++++++
 kernel/Makefile                        |  2 +-
 kernel/platform-feature.c              | 27 ++++++++++++++++++++++++++
 6 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 include/asm-generic/platform-feature.h
 create mode 100644 include/linux/platform-feature.h
 create mode 100644 kernel/platform-feature.c

diff --git a/MAINTAINERS b/MAINTAINERS
index 5e8c2f611766..eb943f089eda 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -15650,6 +15650,14 @@ S:	Maintained
 F:	Documentation/devicetree/bindings/iio/chemical/plantower,pms7003.yaml
 F:	drivers/iio/chemical/pms7003.c
 
+PLATFORM FEATURE INFRASTRUCTURE
+M:	Juergen Gross <jgross@suse.com>
+S:	Maintained
+F:	arch/*/include/asm/platform-feature.h
+F:	include/asm-generic/platform-feature.h
+F:	include/linux/platform-feature.h
+F:	kernel/platform-feature.c
+
 PLDMFW LIBRARY
 M:	Jacob Keller <jacob.e.keller@intel.com>
 S:	Maintained
diff --git a/include/asm-generic/Kbuild b/include/asm-generic/Kbuild
index 302506bbc2a4..8e47d483b524 100644
--- a/include/asm-generic/Kbuild
+++ b/include/asm-generic/Kbuild
@@ -44,6 +44,7 @@ mandatory-y += msi.h
 mandatory-y += pci.h
 mandatory-y += percpu.h
 mandatory-y += pgalloc.h
+mandatory-y += platform-feature.h
 mandatory-y += preempt.h
 mandatory-y += rwonce.h
 mandatory-y += sections.h
diff --git a/include/asm-generic/platform-feature.h b/include/asm-generic/platform-feature.h
new file mode 100644
index 000000000000..4b0af3d51588
--- /dev/null
+++ b/include/asm-generic/platform-feature.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_GENERIC_PLATFORM_FEATURE_H
+#define _ASM_GENERIC_PLATFORM_FEATURE_H
+
+/* Number of arch specific feature flags. */
+#define PLATFORM_ARCH_FEAT_N	0
+
+#endif /* _ASM_GENERIC_PLATFORM_FEATURE_H */
diff --git a/include/linux/platform-feature.h b/include/linux/platform-feature.h
new file mode 100644
index 000000000000..6ed859928b97
--- /dev/null
+++ b/include/linux/platform-feature.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _PLATFORM_FEATURE_H
+#define _PLATFORM_FEATURE_H
+
+#include <linux/bitops.h>
+#include <asm/platform-feature.h>
+
+/* The platform features are starting with the architecture specific ones. */
+#define PLATFORM_FEAT_N				(0 + PLATFORM_ARCH_FEAT_N)
+
+void platform_set(unsigned int feature);
+void platform_clear(unsigned int feature);
+bool platform_has(unsigned int feature);
+
+#endif /* _PLATFORM_FEATURE_H */
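Review bot: the `#include <linux/bitops.h>` in this header looks like a leftover from the inline implementation that V2 moved into the .c file; the three prototypes only need `bool`, so `<linux/types.h>` would be the narrower include. The prototypes also carry no kernel-doc, and since this is the interface other subsystems will call, it is worth stating here which `feature` values are valid and whether `platform_set()` and `platform_clear()` may be called after init.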
diff --git a/kernel/Makefile b/kernel/Makefile
index 847a82bfe0e3..2f412f80110d 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -7,7 +7,7 @@ obj-y     = fork.o exec_domain.o panic.o \
 	    cpu.o exit.o softirq.o resource.o \
 	    sysctl.o capability.o ptrace.o user.o \
 	    signal.o sys.o umh.o workqueue.o pid.o task_work.o \
-	    extable.o params.o \
+	    extable.o params.o platform-feature.o \
 	    kthread.o sys_ni.o nsproxy.o \
 	    notifier.o ksysfs.o cred.o reboot.o \
 	    async.o range.o smpboot.o ucount.o regset.o
diff --git a/kernel/platform-feature.c b/kernel/platform-feature.c
new file mode 100644
index 000000000000..cb6a6c3e4fed
--- /dev/null
+++ b/kernel/platform-feature.c
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/bitops.h>
+#include <linux/cache.h>
+#include <linux/export.h>
+#include <linux/platform-feature.h>
+
+#define PLATFORM_FEAT_ARRAY_SZ  BITS_TO_LONGS(PLATFORM_FEAT_N)
+static unsigned long __read_mostly platform_features[PLATFORM_FEAT_ARRAY_SZ];
+
+void platform_set(unsigned int feature)
+{
+	set_bit(feature, platform_features);
+}
+EXPORT_SYMBOL_GPL(platform_set);
+
+void platform_clear(unsigned int feature)
+{
+	clear_bit(feature, platform_features);
+}
+EXPORT_SYMBOL_GPL(platform_clear);
+
+bool platform_has(unsigned int feature)
+{
+	return test_bit(feature, platform_features);
+}
+EXPORT_SYMBOL_GPL(platform_has);
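Review bot: `platform_set()`, `platform_clear()` and `platform_has()` pass `feature` straight to the bitops with no range check, so any value at or above `PLATFORM_FEAT_N` reads or writes past `platform_features[]`. With this patch alone `PLATFORM_FEAT_N` is `(0 + PLATFORM_ARCH_FEAT_N)` and the generic `PLATFORM_ARCH_FEAT_N` is 0, so `BITS_TO_LONGS(PLATFORM_FEAT_N)` gives a zero-length array and every call would be out of bounds. Suggest a `WARN_ON_ONCE(feature >= PLATFORM_FEAT_N)` style guard in each function (with `platform_has()` returning false), or a build-time check where the argument is a constant.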
-- 
2.34.1


* [PATCH v2 2/2] virtio: replace arch_has_restricted_virtio_memory_access()
  2022-04-27 15:33 ` Juergen Gross via Virtualization
@ 2022-04-27 15:33   ` Juergen Gross via Virtualization
  -1 siblings, 0 replies; 11+ messages in thread
From: Juergen Gross @ 2022-04-27 15:33 UTC (permalink / raw)
  To: linux-kernel, linux-arch, x86, linux-s390, linux-hyperv, virtualization
  Cc: Juergen Gross, Arnd Bergmann, Heiko Carstens, Vasily Gorbik,
	Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
	Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	H. Peter Anvin, K. Y. Srinivasan, Haiyang Zhang,
	Stephen Hemminger, Wei Liu, Dexuan Cui, Andy Lutomirski,
	Peter Zijlstra, Michael S. Tsirkin, Jason Wang,
	Christoph Hellwig, Oleksandr Tyshchenko

Instead of using arch_has_restricted_virtio_memory_access() together
with CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, replace those
with platform_has() and a new platform feature
PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- move setting of PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS in SEV case
  to sev_setup_arch().
---
 arch/s390/Kconfig                |  1 -
 arch/s390/mm/init.c              | 13 +++----------
 arch/x86/Kconfig                 |  1 -
 arch/x86/kernel/cpu/mshyperv.c   |  5 ++++-
 arch/x86/mm/mem_encrypt.c        |  6 ------
 arch/x86/mm/mem_encrypt_amd.c    |  4 ++++
 drivers/virtio/Kconfig           |  6 ------
 drivers/virtio/virtio.c          |  5 ++---
 include/linux/platform-feature.h |  3 ++-
 include/linux/virtio_config.h    |  9 ---------
 10 files changed, 15 insertions(+), 38 deletions(-)

diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index e084c72104f8..f97a22ae69a8 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -772,7 +772,6 @@ menu "Virtualization"
 config PROTECTED_VIRTUALIZATION_GUEST
 	def_bool n
 	prompt "Protected virtualization guest support"
-	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
 	help
 	  Select this option, if you want to be able to run this
 	  kernel as a protected virtualization KVM guest.
diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
index 86ffd0d51fd5..2c3b451813ed 100644
--- a/arch/s390/mm/init.c
+++ b/arch/s390/mm/init.c
@@ -31,6 +31,7 @@
 #include <linux/cma.h>
 #include <linux/gfp.h>
 #include <linux/dma-direct.h>
+#include <linux/platform-feature.h>
 #include <asm/processor.h>
 #include <linux/uaccess.h>
 #include <asm/pgalloc.h>
@@ -168,22 +169,14 @@ bool force_dma_unencrypted(struct device *dev)
 	return is_prot_virt_guest();
 }
 
-#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
-
-int arch_has_restricted_virtio_memory_access(void)
-{
-	return is_prot_virt_guest();
-}
-EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
-
-#endif
-
 /* protected virtualization */
 static void pv_init(void)
 {
 	if (!is_prot_virt_guest())
 		return;
 
+	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
+
 	/* make sure bounce buffers are shared */
 	swiotlb_force = SWIOTLB_FORCE;
 	swiotlb_init(1);
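Review bot: in `pv_init()` the flag is now latched once, whereas the removed `arch_has_restricted_virtio_memory_access()` evaluated `is_prot_virt_guest()` on every call. The two are equivalent only if `pv_init()` always runs before the first virtio device reaches `virtio_features_ok()`; please state that ordering in the commit message or in a comment next to the `platform_set()` call.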
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b0142e01002e..20ac72546ae4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1515,7 +1515,6 @@ config X86_CPA_STATISTICS
 config X86_MEM_ENCRYPT
 	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
 	select DYNAMIC_PHYSICAL_MASK
-	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
 	def_bool n
 
 config AMD_MEM_ENCRYPT
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index 4b67094215bb..965518b9d14b 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -19,6 +19,7 @@
 #include <linux/i8253.h>
 #include <linux/random.h>
 #include <linux/swiotlb.h>
+#include <linux/platform-feature.h>
 #include <asm/processor.h>
 #include <asm/hypervisor.h>
 #include <asm/hyperv-tlfs.h>
@@ -347,8 +348,10 @@ static void __init ms_hyperv_init_platform(void)
 #endif
 		/* Isolation VMs are unenlightened SEV-based VMs, thus this check: */
 		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
-			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
+			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE) {
 				cc_set_vendor(CC_VENDOR_HYPERV);
+				platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
+			}
 		}
 	}
 
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 50d209939c66..9b6a7c98b2b1 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -76,9 +76,3 @@ void __init mem_encrypt_init(void)
 
 	print_mem_encrypt_feature_info();
 }
-
-int arch_has_restricted_virtio_memory_access(void)
-{
-	return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT);
-}
-EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
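Review bot: the removed x86 `arch_has_restricted_virtio_memory_access()` returned `cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)`, which is vendor-neutral, while the replacement sets the flag only in `sev_setup_arch()` and in the Hyper-V isolation path. Any other guest type for which that attribute is true would silently stop enforcing the virtio restrictions after this patch. Either set the flag from a common place keyed on `CC_ATTR_GUEST_MEM_ENCRYPT`, or list in the commit message which platforms report the attribute and where each one sets `PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS`.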
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 6169053c2854..39b71084d36b 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -21,6 +21,7 @@
 #include <linux/dma-mapping.h>
 #include <linux/virtio_config.h>
 #include <linux/cc_platform.h>
+#include <linux/platform-feature.h>
 
 #include <asm/tlbflush.h>
 #include <asm/fixmap.h>
@@ -206,6 +207,9 @@ void __init sev_setup_arch(void)
 	size = total_mem * 6 / 100;
 	size = clamp_val(size, IO_TLB_DEFAULT_SIZE, SZ_1G);
 	swiotlb_adjust_size(size);
+
+	/* Set restricted memory access for virtio. */
+	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
 }
 
 static unsigned long pg_level_to_pfn(int level, pte_t *kpte, pgprot_t *ret_prot)
diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig
index b5adf6abd241..a6dc8b5846fe 100644
--- a/drivers/virtio/Kconfig
+++ b/drivers/virtio/Kconfig
@@ -6,12 +6,6 @@ config VIRTIO
 	  bus, such as CONFIG_VIRTIO_PCI, CONFIG_VIRTIO_MMIO, CONFIG_RPMSG
 	  or CONFIG_S390_GUEST.
 
-config ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
-	bool
-	help
-	  This option is selected if the architecture may need to enforce
-	  VIRTIO_F_ACCESS_PLATFORM
-
 config VIRTIO_PCI_LIB
 	tristate
 	help
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index 22f15f444f75..371e16b18381 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -5,6 +5,7 @@
 #include <linux/module.h>
 #include <linux/idr.h>
 #include <linux/of.h>
+#include <linux/platform-feature.h>
 #include <uapi/linux/virtio_ids.h>
 
 /* Unique numbering for virtio devices. */
@@ -170,12 +171,10 @@ EXPORT_SYMBOL_GPL(virtio_add_status);
 static int virtio_features_ok(struct virtio_device *dev)
 {
 	unsigned status;
-	int ret;
 
 	might_sleep();
 
-	ret = arch_has_restricted_virtio_memory_access();
-	if (ret) {
+	if (platform_has(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS)) {
 		if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
 			dev_warn(&dev->dev,
 				 "device must provide VIRTIO_F_VERSION_1\n");
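Review bot: the `platform_has(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS)` test in `virtio_features_ok()` makes the `VIRTIO_F_VERSION_1` requirement depend on a runtime bit that patch 1/2 lets any GPL module clear through the exported `platform_clear()`, and the bitmap there is `__read_mostly` rather than read-only after init. For a flag that drives an enforcement decision in a protected guest, consider not exporting the set/clear side to modules or, if all setters run during init, marking the bitmap `__ro_after_init`, so the check cannot be relaxed after boot.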
diff --git a/include/linux/platform-feature.h b/include/linux/platform-feature.h
index 6ed859928b97..5e2f08554b38 100644
--- a/include/linux/platform-feature.h
+++ b/include/linux/platform-feature.h
@@ -6,7 +6,8 @@
 #include <asm/platform-feature.h>
 
 /* The platform features are starting with the architecture specific ones. */
-#define PLATFORM_FEAT_N				(0 + PLATFORM_ARCH_FEAT_N)
+#define PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS	(0 + PLATFORM_ARCH_FEAT_N)
+#define PLATFORM_FEAT_N				(1 + PLATFORM_ARCH_FEAT_N)
 
 void platform_set(unsigned int feature);
 void platform_clear(unsigned int feature);
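Review bot: `PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS` and `PLATFORM_FEAT_N` are numbered by hand as `(0 + PLATFORM_ARCH_FEAT_N)` and `(1 + PLATFORM_ARCH_FEAT_N)`, so every new generic feature means bumping the count on a separate line. If the two drift apart, the bitmap in kernel/platform-feature.c is sized too small and nothing catches it. An enum whose last member is the count, offset by `PLATFORM_ARCH_FEAT_N`, keeps them in step; the comment above the defines would also read more clearly as "generic features are numbered after the architecture specific ones".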
diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h
index b341dd62aa4d..79498298519d 100644
--- a/include/linux/virtio_config.h
+++ b/include/linux/virtio_config.h
@@ -559,13 +559,4 @@ static inline void virtio_cwrite64(struct virtio_device *vdev,
 		_r;							\
 	})
 
-#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
-int arch_has_restricted_virtio_memory_access(void);
-#else
-static inline int arch_has_restricted_virtio_memory_access(void)
-{
-	return 0;
-}
-#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */
-
 #endif /* _LINUX_VIRTIO_CONFIG_H */
-- 
2.34.1


* RE: [PATCH v2 2/2] virtio: replace arch_has_restricted_virtio_memory_access()
  2022-04-27 15:33   ` Juergen Gross via Virtualization
@ 2022-04-27 16:30     ` Michael Kelley (LINUX)
  -1 siblings, 0 replies; 11+ messages in thread
From: Michael Kelley (LINUX) via Virtualization @ 2022-04-27 16:30 UTC (permalink / raw)
  To: Juergen Gross, linux-kernel, linux-arch, x86, linux-s390,
	linux-hyperv, virtualization
  Cc: Michael S. Tsirkin, Peter Zijlstra, Dave Hansen, H. Peter Anvin,
	Alexander Gordeev, Wei Liu, Stephen Hemminger, Vasily Gorbik,
	Dexuan Cui, Christoph Hellwig, Ingo Molnar, Haiyang Zhang,
	Arnd Bergmann, Heiko Carstens, Borislav Petkov, Andy Lutomirski,
	Thomas Gleixner, Oleksandr Tyshchenko, Sven Schnelle

From: Juergen Gross <jgross@suse.com> Sent: Wednesday, April 27, 2022 8:34 AM
> 
> Instead of using arch_has_restricted_virtio_memory_access() together
> with CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, replace those
> with platform_has() and a new platform feature
> PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS.
> 
> Signed-off-by: Juergen Gross <jgross@suse.com>
> ---
> V2:
> - move setting of PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS in SEV case
>   to sev_setup_arch().
> ---
>  arch/s390/Kconfig                |  1 -
>  arch/s390/mm/init.c              | 13 +++----------
>  arch/x86/Kconfig                 |  1 -
>  arch/x86/kernel/cpu/mshyperv.c   |  5 ++++-
>  arch/x86/mm/mem_encrypt.c        |  6 ------
>  arch/x86/mm/mem_encrypt_amd.c    |  4 ++++
>  drivers/virtio/Kconfig           |  6 ------
>  drivers/virtio/virtio.c          |  5 ++---
>  include/linux/platform-feature.h |  3 ++-
>  include/linux/virtio_config.h    |  9 ---------
>  10 files changed, 15 insertions(+), 38 deletions(-)
> 
> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> index e084c72104f8..f97a22ae69a8 100644
> --- a/arch/s390/Kconfig
> +++ b/arch/s390/Kconfig
> @@ -772,7 +772,6 @@ menu "Virtualization"
>  config PROTECTED_VIRTUALIZATION_GUEST
>  	def_bool n
>  	prompt "Protected virtualization guest support"
> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>  	help
>  	  Select this option, if you want to be able to run this
>  	  kernel as a protected virtualization KVM guest.
> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
> index 86ffd0d51fd5..2c3b451813ed 100644
> --- a/arch/s390/mm/init.c
> +++ b/arch/s390/mm/init.c
> @@ -31,6 +31,7 @@
>  #include <linux/cma.h>
>  #include <linux/gfp.h>
>  #include <linux/dma-direct.h>
> +#include <linux/platform-feature.h>
>  #include <asm/processor.h>
>  #include <linux/uaccess.h>
>  #include <asm/pgalloc.h>
> @@ -168,22 +169,14 @@ bool force_dma_unencrypted(struct device *dev)
>  	return is_prot_virt_guest();
>  }
> 
> -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -
> -int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return is_prot_virt_guest();
> -}
> -EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
> -
> -#endif
> -
>  /* protected virtualization */
>  static void pv_init(void)
>  {
>  	if (!is_prot_virt_guest())
>  		return;
> 
> +	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
> +
>  	/* make sure bounce buffers are shared */
>  	swiotlb_force = SWIOTLB_FORCE;
>  	swiotlb_init(1);
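
Review bot: the platform_set() call added near the top of pv_init() replaces a predicate that evaluated is_prot_virt_guest() on every call, so the flag is correct only once pv_init() has run. Please state, in the commit message or in a comment here, that this happens before the first virtio device reaches virtio_features_ok(); otherwise a protected guest would skip the VIRTIO_F_VERSION_1 requirement shown in the virtio.c hunk for devices probed early. A one-line comment like the one in the sev_setup_arch() hunk ("Set restricted memory access for virtio.") would also keep the two arch sites consistent.
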
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index b0142e01002e..20ac72546ae4 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1515,7 +1515,6 @@ config X86_CPA_STATISTICS
>  config X86_MEM_ENCRYPT
>  	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
>  	select DYNAMIC_PHYSICAL_MASK
> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>  	def_bool n
> 
>  config AMD_MEM_ENCRYPT
> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> index 4b67094215bb..965518b9d14b 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -19,6 +19,7 @@
>  #include <linux/i8253.h>
>  #include <linux/random.h>
>  #include <linux/swiotlb.h>
> +#include <linux/platform-feature.h>
>  #include <asm/processor.h>
>  #include <asm/hypervisor.h>
>  #include <asm/hyperv-tlfs.h>
> @@ -347,8 +348,10 @@ static void __init ms_hyperv_init_platform(void)
>  #endif
>  		/* Isolation VMs are unenlightened SEV-based VMs, thus this check: */
>  		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
> -			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
> +			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE) {
>  				cc_set_vendor(CC_VENDOR_HYPERV);
> +
> 	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
> +			}
>  		}
>  	}
> 

Unless I'm misunderstanding something, the Hyper-V specific change isn't
needed. Hyper-V doesn't support virtio in the first place, so it's a bit
unexpected to be setting a virtio-related flag in Hyper-V code. Also, Hyper-V
guests call sev_setup_arch() with CC_ATTR_GUEST_MEM_ENCRYPT set,
so this virtio-related flag will get set anyway via that path.

Michael

> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 50d209939c66..9b6a7c98b2b1 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -76,9 +76,3 @@ void __init mem_encrypt_init(void)
> 
>  	print_mem_encrypt_feature_info();
>  }
> -
> -int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT);
> -}
> -EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
> diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
> index 6169053c2854..39b71084d36b 100644
> --- a/arch/x86/mm/mem_encrypt_amd.c
> +++ b/arch/x86/mm/mem_encrypt_amd.c
> @@ -21,6 +21,7 @@
>  #include <linux/dma-mapping.h>
>  #include <linux/virtio_config.h>
>  #include <linux/cc_platform.h>
> +#include <linux/platform-feature.h>
> 
>  #include <asm/tlbflush.h>
>  #include <asm/fixmap.h>
> @@ -206,6 +207,9 @@ void __init sev_setup_arch(void)
>  	size = total_mem * 6 / 100;
>  	size = clamp_val(size, IO_TLB_DEFAULT_SIZE, SZ_1G);
>  	swiotlb_adjust_size(size);
> +
> +	/* Set restricted memory access for virtio. */
> +	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
>  }
> 
>  static unsigned long pg_level_to_pfn(int level, pte_t *kpte, pgprot_t *ret_prot)
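
Review bot: setting the flag at the end of sev_setup_arch() narrows the condition compared with what it replaces. The function removed from arch/x86/mm/mem_encrypt.c returned cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT), a vendor-neutral check, while this call lives in the AMD-specific mem_encrypt_amd.c, so an x86 guest that reports CC_ATTR_GUEST_MEM_ENCRYPT without going through sev_setup_arch() would no longer have restricted virtio memory access enforced. The hunk also does not show whether the function returns early for non-guest cases before reaching this line; please confirm the flag is set exactly when CC_ATTR_GUEST_MEM_ENCRYPT is true, or set it from common code instead.
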
> diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig
> index b5adf6abd241..a6dc8b5846fe 100644
> --- a/drivers/virtio/Kconfig
> +++ b/drivers/virtio/Kconfig
> @@ -6,12 +6,6 @@ config VIRTIO
>  	  bus, such as CONFIG_VIRTIO_PCI, CONFIG_VIRTIO_MMIO, CONFIG_RPMSG
>  	  or CONFIG_S390_GUEST.
> 
> -config ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -	bool
> -	help
> -	  This option is selected if the architecture may need to enforce
> -	  VIRTIO_F_ACCESS_PLATFORM
> -
>  config VIRTIO_PCI_LIB
>  	tristate
>  	help
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index 22f15f444f75..371e16b18381 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -5,6 +5,7 @@
>  #include <linux/module.h>
>  #include <linux/idr.h>
>  #include <linux/of.h>
> +#include <linux/platform-feature.h>
>  #include <uapi/linux/virtio_ids.h>
> 
>  /* Unique numbering for virtio devices. */
> @@ -170,12 +171,10 @@ EXPORT_SYMBOL_GPL(virtio_add_status);
>  static int virtio_features_ok(struct virtio_device *dev)
>  {
>  	unsigned status;
> -	int ret;
> 
>  	might_sleep();
> 
> -	ret = arch_has_restricted_virtio_memory_access();
> -	if (ret) {
> +	if (platform_has(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS)) {
>  		if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
>  			dev_warn(&dev->dev,
>  				 "device must provide VIRTIO_F_VERSION_1\n");
> diff --git a/include/linux/platform-feature.h b/include/linux/platform-feature.h
> index 6ed859928b97..5e2f08554b38 100644
> --- a/include/linux/platform-feature.h
> +++ b/include/linux/platform-feature.h
> @@ -6,7 +6,8 @@
>  #include <asm/platform-feature.h>
> 
>  /* The platform features are starting with the architecture specific ones. */
> -#define PLATFORM_FEAT_N				(0 +
> PLATFORM_ARCH_FEAT_N)
> +#define PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS	(0 +
> PLATFORM_ARCH_FEAT_N)
> +#define PLATFORM_FEAT_N				(1 +
> PLATFORM_ARCH_FEAT_N)
> 
>  void platform_set(unsigned int feature);
>  void platform_clear(unsigned int feature);
> diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h
> index b341dd62aa4d..79498298519d 100644
> --- a/include/linux/virtio_config.h
> +++ b/include/linux/virtio_config.h
> @@ -559,13 +559,4 @@ static inline void virtio_cwrite64(struct virtio_device *vdev,
>  		_r;							\
>  	})
> 
> -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -int arch_has_restricted_virtio_memory_access(void);
> -#else
> -static inline int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return 0;
> -}
> -#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */
> -
>  #endif /* _LINUX_VIRTIO_CONFIG_H */
> --
> 2.34.1

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v2 2/2] virtio: replace arch_has_restricted_virtio_memory_access()
  2022-04-27 16:30     ` Michael Kelley (LINUX)
@ 2022-04-27 18:36       ` Juergen Gross
  -1 siblings, 0 replies; 11+ messages in thread
From: Juergen Gross via Virtualization @ 2022-04-27 18:36 UTC (permalink / raw)
  To: Michael Kelley (LINUX),
	linux-kernel, linux-arch, x86, linux-s390, linux-hyperv,
	virtualization
  Cc: Michael S. Tsirkin, Peter Zijlstra, Dave Hansen, H. Peter Anvin,
	Alexander Gordeev, Wei Liu, Stephen Hemminger, Vasily Gorbik,
	Dexuan Cui, Christoph Hellwig, Ingo Molnar, Haiyang Zhang,
	Arnd Bergmann, Heiko Carstens, Borislav Petkov, Andy Lutomirski,
	Thomas Gleixner, Oleksandr Tyshchenko, Sven Schnelle


On 27.04.22 18:30, Michael Kelley (LINUX) wrote:
> From: Juergen Gross <jgross@suse.com> Sent: Wednesday, April 27, 2022 8:34 AM
>>
>> Instead of using arch_has_restricted_virtio_memory_access() together
>> with CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, replace those
>> with platform_has() and a new platform feature
>> PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS.
>>
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>> ---
>> V2:
>> - move setting of PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS in SEV case
>>    to sev_setup_arch().
>> ---
>>   arch/s390/Kconfig                |  1 -
>>   arch/s390/mm/init.c              | 13 +++----------
>>   arch/x86/Kconfig                 |  1 -
>>   arch/x86/kernel/cpu/mshyperv.c   |  5 ++++-
>>   arch/x86/mm/mem_encrypt.c        |  6 ------
>>   arch/x86/mm/mem_encrypt_amd.c    |  4 ++++
>>   drivers/virtio/Kconfig           |  6 ------
>>   drivers/virtio/virtio.c          |  5 ++---
>>   include/linux/platform-feature.h |  3 ++-
>>   include/linux/virtio_config.h    |  9 ---------
>>   10 files changed, 15 insertions(+), 38 deletions(-)
>>
>> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
>> index e084c72104f8..f97a22ae69a8 100644
>> --- a/arch/s390/Kconfig
>> +++ b/arch/s390/Kconfig
>> @@ -772,7 +772,6 @@ menu "Virtualization"
>>   config PROTECTED_VIRTUALIZATION_GUEST
>>   	def_bool n
>>   	prompt "Protected virtualization guest support"
>> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>>   	help
>>   	  Select this option, if you want to be able to run this
>>   	  kernel as a protected virtualization KVM guest.
>> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
>> index 86ffd0d51fd5..2c3b451813ed 100644
>> --- a/arch/s390/mm/init.c
>> +++ b/arch/s390/mm/init.c
>> @@ -31,6 +31,7 @@
>>   #include <linux/cma.h>
>>   #include <linux/gfp.h>
>>   #include <linux/dma-direct.h>
>> +#include <linux/platform-feature.h>
>>   #include <asm/processor.h>
>>   #include <linux/uaccess.h>
>>   #include <asm/pgalloc.h>
>> @@ -168,22 +169,14 @@ bool force_dma_unencrypted(struct device *dev)
>>   	return is_prot_virt_guest();
>>   }
>>
>> -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>> -
>> -int arch_has_restricted_virtio_memory_access(void)
>> -{
>> -	return is_prot_virt_guest();
>> -}
>> -EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
>> -
>> -#endif
>> -
>>   /* protected virtualization */
>>   static void pv_init(void)
>>   {
>>   	if (!is_prot_virt_guest())
>>   		return;
>>
>> +	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
>> +
>>   	/* make sure bounce buffers are shared */
>>   	swiotlb_force = SWIOTLB_FORCE;
>>   	swiotlb_init(1);
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>> index b0142e01002e..20ac72546ae4 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1515,7 +1515,6 @@ config X86_CPA_STATISTICS
>>   config X86_MEM_ENCRYPT
>>   	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
>>   	select DYNAMIC_PHYSICAL_MASK
>> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>>   	def_bool n
>>
>>   config AMD_MEM_ENCRYPT
>> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
>> index 4b67094215bb..965518b9d14b 100644
>> --- a/arch/x86/kernel/cpu/mshyperv.c
>> +++ b/arch/x86/kernel/cpu/mshyperv.c
>> @@ -19,6 +19,7 @@
>>   #include <linux/i8253.h>
>>   #include <linux/random.h>
>>   #include <linux/swiotlb.h>
>> +#include <linux/platform-feature.h>
>>   #include <asm/processor.h>
>>   #include <asm/hypervisor.h>
>>   #include <asm/hyperv-tlfs.h>
>> @@ -347,8 +348,10 @@ static void __init ms_hyperv_init_platform(void)
>>   #endif
>>   		/* Isolation VMs are unenlightened SEV-based VMs, thus this check: */
>>   		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
>> -			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
>> +			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE) {
>>   				cc_set_vendor(CC_VENDOR_HYPERV);
>> +
>> 	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
>> +			}
>>   		}
>>   	}
>>
> 
> Unless I'm misunderstanding something, the Hyper-V specific change isn't
> needed.   Hyper-V doesn't support virtio in the first place, so it's a bit
> unexpected be setting a virtio-related flag in Hyper-V code.   Also, Hyper-V
> guests call sev_setup_arch() with CC_ATTR_GUEST_MEM_ENCRYPT set,
> so this virtio-related flag will get set anyway via that path.

Okay, thanks. Will drop that chunk then.


Juergen

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH v2 2/2] virtio: replace arch_has_restricted_virtio_memory_access()
  2022-04-27 15:33   ` Juergen Gross via Virtualization
  (?)
  (?)
@ 2022-04-27 19:24   ` Oleksandr
  -1 siblings, 0 replies; 11+ messages in thread
From: Oleksandr @ 2022-04-27 19:24 UTC (permalink / raw)
  To: Juergen Gross
  Cc: linux-kernel, linux-arch, x86, linux-s390, linux-hyperv,
	virtualization, Arnd Bergmann, Heiko Carstens, Vasily Gorbik,
	Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
	Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
	H. Peter Anvin, K. Y. Srinivasan, Haiyang Zhang,
	Stephen Hemminger, Wei Liu, Dexuan Cui, Andy Lutomirski,
	Peter Zijlstra, Michael S. Tsirkin, Jason Wang,
	Christoph Hellwig


On 27.04.22 18:33, Juergen Gross wrote:


Hello Juergen, all

> Instead of using arch_has_restricted_virtio_memory_access() together
> with CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, replace those
> with platform_has() and a new platform feature
> PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS.
>
> Signed-off-by: Juergen Gross <jgross@suse.com>
> ---
> V2:
> - move setting of PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS in SEV case
>    to sev_setup_arch().


V2 works as well as V1 did. I have tested on Arm64 in the context of
xen-virtio enabling work [1]. Thank you!

Just a small NIT below.

> ---
>   arch/s390/Kconfig                |  1 -
>   arch/s390/mm/init.c              | 13 +++----------
>   arch/x86/Kconfig                 |  1 -
>   arch/x86/kernel/cpu/mshyperv.c   |  5 ++++-
>   arch/x86/mm/mem_encrypt.c        |  6 ------
>   arch/x86/mm/mem_encrypt_amd.c    |  4 ++++
>   drivers/virtio/Kconfig           |  6 ------
>   drivers/virtio/virtio.c          |  5 ++---
>   include/linux/platform-feature.h |  3 ++-
>   include/linux/virtio_config.h    |  9 ---------
>   10 files changed, 15 insertions(+), 38 deletions(-)
>
> diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
> index e084c72104f8..f97a22ae69a8 100644
> --- a/arch/s390/Kconfig
> +++ b/arch/s390/Kconfig
> @@ -772,7 +772,6 @@ menu "Virtualization"
>   config PROTECTED_VIRTUALIZATION_GUEST
>   	def_bool n
>   	prompt "Protected virtualization guest support"
> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>   	help
>   	  Select this option, if you want to be able to run this
>   	  kernel as a protected virtualization KVM guest.
> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
> index 86ffd0d51fd5..2c3b451813ed 100644
> --- a/arch/s390/mm/init.c
> +++ b/arch/s390/mm/init.c
> @@ -31,6 +31,7 @@
>   #include <linux/cma.h>
>   #include <linux/gfp.h>
>   #include <linux/dma-direct.h>
> +#include <linux/platform-feature.h>
>   #include <asm/processor.h>
>   #include <linux/uaccess.h>
>   #include <asm/pgalloc.h>
> @@ -168,22 +169,14 @@ bool force_dma_unencrypted(struct device *dev)
>   	return is_prot_virt_guest();
>   }
>   
> -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -
> -int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return is_prot_virt_guest();
> -}
> -EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
> -
> -#endif
> -
>   /* protected virtualization */
>   static void pv_init(void)
>   {
>   	if (!is_prot_virt_guest())
>   		return;
>   
> +	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
> +
>   	/* make sure bounce buffers are shared */
>   	swiotlb_force = SWIOTLB_FORCE;
>   	swiotlb_init(1);
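Review bot: In pv_init() the flag is now latched once by platform_set(), whereas the removed arch_has_restricted_virtio_memory_access() re-evaluated is_prot_virt_guest() on every call, so enforcement now depends on pv_init() having run before the first virtio device reaches feature negotiation. The call site of pv_init() is outside this hunk; a line in the commit message stating that it runs before any virtio probe would make the ordering guarantee explicit.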
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index b0142e01002e..20ac72546ae4 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1515,7 +1515,6 @@ config X86_CPA_STATISTICS
>   config X86_MEM_ENCRYPT
>   	select ARCH_HAS_FORCE_DMA_UNENCRYPTED
>   	select DYNAMIC_PHYSICAL_MASK
> -	select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>   	def_bool n
>   
>   config AMD_MEM_ENCRYPT
> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> index 4b67094215bb..965518b9d14b 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -19,6 +19,7 @@
>   #include <linux/i8253.h>
>   #include <linux/random.h>
>   #include <linux/swiotlb.h>
> +#include <linux/platform-feature.h>
>   #include <asm/processor.h>
>   #include <asm/hypervisor.h>
>   #include <asm/hyperv-tlfs.h>
> @@ -347,8 +348,10 @@ static void __init ms_hyperv_init_platform(void)
>   #endif
>   		/* Isolation VMs are unenlightened SEV-based VMs, thus this check: */
>   		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
> -			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
> +			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE) {
>   				cc_set_vendor(CC_VENDOR_HYPERV);
> +				platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
> +			}
>   		}
>   	}
>   
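Review bot: The platform_set() added inside the hv_get_isolation_type() branch has no comment, unlike the one added in sev_setup_arch(), and the hunk does not say why Hyper-V isolation VMs need their own call. Because the whole block sits under IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT), a kernel built without that option never sets the flag for an isolation VM; a short comment saying whether that is intended would help.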
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index 50d209939c66..9b6a7c98b2b1 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -76,9 +76,3 @@ void __init mem_encrypt_init(void)
>   
>   	print_mem_encrypt_feature_info();
>   }
> -
> -int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT);
> -}
> -EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
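Review bot: The removed helper answered from cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) at call time, so every guest type for which that attribute is true got the virtio restriction automatically; after this patch only the explicit platform_set() sites (sev_setup_arch() and the Hyper-V isolation branch on x86) enable it. Any other code path that reports CC_ATTR_GUEST_MEM_ENCRYPT would silently stop enforcing VIRTIO_F_ACCESS_PLATFORM, so it is worth auditing the providers of that attribute and either adding platform_set() there or documenting that new confidential-guest types must set the flag themselves.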

I assume, everywhere where <linux/virtio_config.h> was specifically
included only for the sake of arch_has_restricted_virtio_memory_access(),
the inclusion of <linux/virtio_config.h> could be removed now.


> diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
> index 6169053c2854..39b71084d36b 100644
> --- a/arch/x86/mm/mem_encrypt_amd.c
> +++ b/arch/x86/mm/mem_encrypt_amd.c
> @@ -21,6 +21,7 @@
>   #include <linux/dma-mapping.h>
>   #include <linux/virtio_config.h>
>   #include <linux/cc_platform.h>
> +#include <linux/platform-feature.h>
>   
>   #include <asm/tlbflush.h>
>   #include <asm/fixmap.h>
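Review bot: The context line "#include <linux/virtio_config.h>" stays in this file, while the only declaration this patch removes from that header is arch_has_restricted_virtio_memory_access(). If nothing else in mem_encrypt_amd.c uses virtio_config.h, drop the include in this same hunk rather than leaving it behind.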
> @@ -206,6 +207,9 @@ void __init sev_setup_arch(void)
>   	size = total_mem * 6 / 100;
>   	size = clamp_val(size, IO_TLB_DEFAULT_SIZE, SZ_1G);
>   	swiotlb_adjust_size(size);
> +
> +	/* Set restricted memory access for virtio. */
> +	platform_set(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS);
>   }
>   
>   static unsigned long pg_level_to_pfn(int level, pte_t *kpte, pgprot_t *ret_prot)
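Review bot: platform_set() is placed at the tail of sev_setup_arch() with no visible condition, while the helper it replaces tested CC_ATTR_GUEST_MEM_ENCRYPT specifically. The start of the function is outside the hunk, so please confirm (or say in the new comment) that this line is reached only for encrypted guests; setting the flag in any other case would be a behaviour change for virtio.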
> diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig
> index b5adf6abd241..a6dc8b5846fe 100644
> --- a/drivers/virtio/Kconfig
> +++ b/drivers/virtio/Kconfig
> @@ -6,12 +6,6 @@ config VIRTIO
>   	  bus, such as CONFIG_VIRTIO_PCI, CONFIG_VIRTIO_MMIO, CONFIG_RPMSG
>   	  or CONFIG_S390_GUEST.
>   
> -config ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -	bool
> -	help
> -	  This option is selected if the architecture may need to enforce
> -	  VIRTIO_F_ACCESS_PLATFORM
> -
>   config VIRTIO_PCI_LIB
>   	tristate
>   	help
> diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
> index 22f15f444f75..371e16b18381 100644
> --- a/drivers/virtio/virtio.c
> +++ b/drivers/virtio/virtio.c
> @@ -5,6 +5,7 @@
>   #include <linux/module.h>
>   #include <linux/idr.h>
>   #include <linux/of.h>
> +#include <linux/platform-feature.h>
>   #include <uapi/linux/virtio_ids.h>
>   
>   /* Unique numbering for virtio devices. */
> @@ -170,12 +171,10 @@ EXPORT_SYMBOL_GPL(virtio_add_status);
>   static int virtio_features_ok(struct virtio_device *dev)
>   {
>   	unsigned status;
> -	int ret;
>   
>   	might_sleep();
>   
> -	ret = arch_has_restricted_virtio_memory_access();
> -	if (ret) {
> +	if (platform_has(PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS)) {
>   		if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
>   			dev_warn(&dev->dev,
>   				 "device must provide VIRTIO_F_VERSION_1\n");
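Review bot: virtio_features_ok() now calls platform_has(), but both removed arch helpers were exported (EXPORT_SYMBOL on s390, EXPORT_SYMBOL_GPL on x86), which a virtio core built as a module needs in order to link. platform_has() comes from patch 1/2 and is not shown here; make sure it is either an inline or an exported symbol, otherwise a modular virtio build loses the symbol it used to resolve.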
> diff --git a/include/linux/platform-feature.h b/include/linux/platform-feature.h
> index 6ed859928b97..5e2f08554b38 100644
> --- a/include/linux/platform-feature.h
> +++ b/include/linux/platform-feature.h
> @@ -6,7 +6,8 @@
>   #include <asm/platform-feature.h>
>   
>   /* The platform features are starting with the architecture specific ones. */
> -#define PLATFORM_FEAT_N				(0 + PLATFORM_ARCH_FEAT_N)
> +#define PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS	(0 + PLATFORM_ARCH_FEAT_N)

I would add a sentence describing the purpose of that "common" feature.


> +#define PLATFORM_FEAT_N				(1 + PLATFORM_ARCH_FEAT_N)
>   
>   void platform_set(unsigned int feature);
>   void platform_clear(unsigned int feature);
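Review bot: PLATFORM_VIRTIO_RESTRICTED_MEM_ACCESS and PLATFORM_FEAT_N are numbered by hand as (0 + PLATFORM_ARCH_FEAT_N) and (1 + PLATFORM_ARCH_FEAT_N), so every future feature has to touch two lines, and a missed bump of PLATFORM_FEAT_N leaves the new bit outside the counted range. An enum starting at PLATFORM_ARCH_FEAT_N with PLATFORM_FEAT_N as its last member would remove that hazard. Separately, the context shows platform_clear() is available next to platform_set(); since this bit gates a virtio feature check, a comment on who is expected to clear it would be useful.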
> diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h
> index b341dd62aa4d..79498298519d 100644
> --- a/include/linux/virtio_config.h
> +++ b/include/linux/virtio_config.h
> @@ -559,13 +559,4 @@ static inline void virtio_cwrite64(struct virtio_device *vdev,
>   		_r;							\
>   	})
>   
> -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> -int arch_has_restricted_virtio_memory_access(void);
> -#else
> -static inline int arch_has_restricted_virtio_memory_access(void)
> -{
> -	return 0;
> -}
> -#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */
> -
>   #endif /* _LINUX_VIRTIO_CONFIG_H */


[1] 
https://lore.kernel.org/lkml/1650646263-22047-1-git-send-email-olekstysh@gmail.com/T/#mf3eaee90da6bb2c52a4c4b36b9989dacc4e9c597


-- 
Regards,

Oleksandr Tyshchenko

