From: Stefano Stabellini <sstabellini@kernel.org>
To: Oleksandr <olekstysh@gmail.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Russell King <linux@armlinux.org.uk>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Juergen Gross <jgross@suse.com>, Julien Grall <julien@xen.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [RFC PATCH 4/6] virtio: Various updates to xen-virtio DMA ops layer
Date: Mon, 18 Apr 2022 12:11:16 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2204181156280.915916@ubuntu-linux-20-04-desktop> (raw)
In-Reply-To: <84f5264c-6b98-6d56-b7ca-61c19dc502ca@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4444 bytes --]
On Sun, 17 Apr 2022, Oleksandr wrote:
> On 16.04.22 01:02, Stefano Stabellini wrote:
> > On Thu, 14 Apr 2022, Oleksandr Tyshchenko wrote:
> > > From: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
> > >
> > > In the context of current patch do the following:
> > > 1. Update code to support virtio-mmio devices
> > > 2. Introduce struct xen_virtio_data and account passed virtio devices
> > > (using list) as we need to store some per-device data
> > > 3. Add multi-page support for xen_virtio_dma_map(unmap)_page callbacks
> > > 4. Harden code against malicious backend
> > > 5. Change to use alloc_pages_exact() instead of __get_free_pages()
> > > 6. Introduce locking scheme to protect mappings (I am not 100% sure
> > > whether per-device lock is really needed)
> > > 7. Handle virtio device's DMA mask
> > > 8. Retrieve the ID of backend domain from DT for virtio-mmio device
> > > instead of hardcoding it.
> > >
> > > Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
> > > ---
> > > arch/arm/xen/enlighten.c | 11 +++
> > > drivers/xen/Kconfig | 2 +-
> > > drivers/xen/xen-virtio.c | 200
> > > ++++++++++++++++++++++++++++++++++++++++++-----
> > > include/xen/xen-ops.h | 5 ++
> > > 4 files changed, 196 insertions(+), 22 deletions(-)
> > >
> > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
> > > index ec5b082..870d92f 100644
> > > --- a/arch/arm/xen/enlighten.c
> > > +++ b/arch/arm/xen/enlighten.c
> > > @@ -409,6 +409,17 @@ int __init arch_xen_unpopulated_init(struct resource
> > > **res)
> > > }
> > > #endif
> > > +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> > > +int arch_has_restricted_virtio_memory_access(void)
> > > +{
> > > + if (IS_ENABLED(CONFIG_XEN_HVM_VIRTIO_GRANT) && xen_hvm_domain())
> > > + return 1;
> > Instead of xen_hvm_domain(), you can just use xen_domain(). Also there
> > is no need for the #ifdef
> > CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, given that:
> >
> > CONFIG_XEN_HVM_VIRTIO_GRANT depends on XEN_VIRTIO which selects
> > ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>
>
> Yes, but please see my comments in commit #2 regarding
> CONFIG_XEN_HVM_VIRTIO_GRANT option and
> arch_has_restricted_virtio_memory_access() on Arm.
>
> I propose to have the following on Arm:
>
> int arch_has_restricted_virtio_memory_access(void)
> {
> return xen_has_restricted_virtio_memory_access();
> }
>
>
> where common xen.h contain a helper to be used by both Arm and x86:
>
> static inline int xen_has_restricted_virtio_memory_access(void)
> {
> if (IS_ENABLED(CONFIG_XEN_VIRTIO) && (xen_pv_domain() ||
> xen_hvm_domain()))
> return 1;
>
> return 0;
> }
>
>
> But I would be happy with what you propose as well.
As I wrote in the previous reply, I also prefer to share the code
between x86 and ARM, and I think it could look like:
int arch_has_restricted_virtio_memory_access(void)
{
return xen_has_restricted_virtio_memory_access();
}
[...]
static inline int xen_has_restricted_virtio_memory_access(void)
{
return (IS_ENABLED(CONFIG_XEN_VIRTIO) && xen_domain());
}
But let's check with Juergen and Boris.
> > > + return 0;
> > > +}
> > > +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
> > > +#endif
> > > +
> > > static void __init xen_dt_guest_init(void)
> > > {
> > > struct device_node *xen_node;
> > > diff --git a/drivers/xen/Kconfig b/drivers/xen/Kconfig
> > > index fc61f7a..56afe6a 100644
> > > --- a/drivers/xen/Kconfig
> > > +++ b/drivers/xen/Kconfig
> > > @@ -347,7 +347,7 @@ config XEN_VIRTIO
> > > config XEN_HVM_VIRTIO_GRANT
> > > bool "Require virtio for fully virtualized guests to use grant
> > > mappings"
> > > - depends on XEN_VIRTIO && X86_64
> > > + depends on XEN_VIRTIO && (X86_64 || ARM || ARM64)
> > you can remove the architectural dependencies
>
>
> According to the conversation in commit #2 we are considering just a single
> XEN_VIRTIO option, but it is going to has the
> same architectural dependencies: (X86_64 || ARM || ARM64)
>
> By removing the architectural dependencies here, we will leave also X86_32
> covered (neither XEN_HVM_VIRTIO_GRANT nor XEN_PV_VIRTIO covered it). I don't
> know whether it is ok or not.
>
> Shall I remove dependencies anyway?
No, good point. I don't know about X86_32. This is another detail where
Juergen or Boris should comment.
WARNING: multiple messages have this Message-ID (diff)
From: Stefano Stabellini <sstabellini@kernel.org>
To: Oleksandr <olekstysh@gmail.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>,
xen-devel@lists.xenproject.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>,
Russell King <linux@armlinux.org.uk>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Juergen Gross <jgross@suse.com>, Julien Grall <julien@xen.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [RFC PATCH 4/6] virtio: Various updates to xen-virtio DMA ops layer
Date: Mon, 18 Apr 2022 12:11:16 -0700 (PDT) [thread overview]
Message-ID: <alpine.DEB.2.22.394.2204181156280.915916@ubuntu-linux-20-04-desktop> (raw)
In-Reply-To: <84f5264c-6b98-6d56-b7ca-61c19dc502ca@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4444 bytes --]
On Sun, 17 Apr 2022, Oleksandr wrote:
> On 16.04.22 01:02, Stefano Stabellini wrote:
> > On Thu, 14 Apr 2022, Oleksandr Tyshchenko wrote:
> > > From: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
> > >
> > > In the context of current patch do the following:
> > > 1. Update code to support virtio-mmio devices
> > > 2. Introduce struct xen_virtio_data and account passed virtio devices
> > > (using list) as we need to store some per-device data
> > > 3. Add multi-page support for xen_virtio_dma_map(unmap)_page callbacks
> > > 4. Harden code against malicious backend
> > > 5. Change to use alloc_pages_exact() instead of __get_free_pages()
> > > 6. Introduce locking scheme to protect mappings (I am not 100% sure
> > > whether per-device lock is really needed)
> > > 7. Handle virtio device's DMA mask
> > > 8. Retrieve the ID of backend domain from DT for virtio-mmio device
> > > instead of hardcoding it.
> > >
> > > Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
> > > ---
> > > arch/arm/xen/enlighten.c | 11 +++
> > > drivers/xen/Kconfig | 2 +-
> > > drivers/xen/xen-virtio.c | 200
> > > ++++++++++++++++++++++++++++++++++++++++++-----
> > > include/xen/xen-ops.h | 5 ++
> > > 4 files changed, 196 insertions(+), 22 deletions(-)
> > >
> > > diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
> > > index ec5b082..870d92f 100644
> > > --- a/arch/arm/xen/enlighten.c
> > > +++ b/arch/arm/xen/enlighten.c
> > > @@ -409,6 +409,17 @@ int __init arch_xen_unpopulated_init(struct resource
> > > **res)
> > > }
> > > #endif
> > > +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
> > > +int arch_has_restricted_virtio_memory_access(void)
> > > +{
> > > + if (IS_ENABLED(CONFIG_XEN_HVM_VIRTIO_GRANT) && xen_hvm_domain())
> > > + return 1;
> > Instead of xen_hvm_domain(), you can just use xen_domain(). Also there
> > is no need for the #ifdef
> > CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, given that:
> >
> > CONFIG_XEN_HVM_VIRTIO_GRANT depends on XEN_VIRTIO which selects
> > ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
>
>
> Yes, but please see my comments in commit #2 regarding
> CONFIG_XEN_HVM_VIRTIO_GRANT option and
> arch_has_restricted_virtio_memory_access() on Arm.
>
> I propose to have the following on Arm:
>
> int arch_has_restricted_virtio_memory_access(void)
> {
> return xen_has_restricted_virtio_memory_access();
> }
>
>
> where common xen.h contain a helper to be used by both Arm and x86:
>
> static inline int xen_has_restricted_virtio_memory_access(void)
> {
> if (IS_ENABLED(CONFIG_XEN_VIRTIO) && (xen_pv_domain() ||
> xen_hvm_domain()))
> return 1;
>
> return 0;
> }
>
>
> But I would be happy with what you propose as well.
As I wrote in the previous reply, I also prefer to share the code
between x86 and ARM, and I think it could look like:
int arch_has_restricted_virtio_memory_access(void)
{
return xen_has_restricted_virtio_memory_access();
}
[...]
static inline int xen_has_restricted_virtio_memory_access(void)
{
return (IS_ENABLED(CONFIG_XEN_VIRTIO) && xen_domain());
}
But let's check with Juergen and Boris.
> > > + return 0;
> > > +}
> > > +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
> > > +#endif
> > > +
> > > static void __init xen_dt_guest_init(void)
> > > {
> > > struct device_node *xen_node;
> > > diff --git a/drivers/xen/Kconfig b/drivers/xen/Kconfig
> > > index fc61f7a..56afe6a 100644
> > > --- a/drivers/xen/Kconfig
> > > +++ b/drivers/xen/Kconfig
> > > @@ -347,7 +347,7 @@ config XEN_VIRTIO
> > > config XEN_HVM_VIRTIO_GRANT
> > > bool "Require virtio for fully virtualized guests to use grant
> > > mappings"
> > > - depends on XEN_VIRTIO && X86_64
> > > + depends on XEN_VIRTIO && (X86_64 || ARM || ARM64)
> > you can remove the architectural dependencies
>
>
> According to the conversation in commit #2 we are considering just a single
> XEN_VIRTIO option, but it is going to has the
> same architectural dependencies: (X86_64 || ARM || ARM64)
>
> By removing the architectural dependencies here, we will leave also X86_32
> covered (neither XEN_HVM_VIRTIO_GRANT nor XEN_PV_VIRTIO covered it). I don't
> know whether it is ok or not.
>
> Shall I remove dependencies anyway?
No, good point. I don't know about X86_32. This is another detail where
Juergen or Boris should comment.
[-- Attachment #2: Type: text/plain, Size: 176 bytes --]
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-04-18 19:11 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 19:19 [RFC PATCH 0/6] virtio: Solution to restrict memory access under Xen using xen-virtio DMA ops layer Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-14 19:19 ` [RFC PATCH 1/6] xen/grants: support allocating consecutive grants Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-14 19:19 ` [RFC PATCH 2/6] virtio: add option to restrict memory access under Xen Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-14 19:43 ` H. Peter Anvin
2022-04-15 15:20 ` Oleksandr
2022-04-15 15:20 ` Oleksandr
2022-04-15 22:01 ` Stefano Stabellini
2022-04-17 17:02 ` Oleksandr
2022-04-17 17:02 ` Oleksandr
2022-04-18 19:11 ` Stefano Stabellini
2022-04-18 19:11 ` Stefano Stabellini
2022-04-19 6:21 ` Juergen Gross
2022-04-19 6:21 ` Juergen Gross
2022-04-19 6:37 ` Oleksandr
2022-04-19 6:37 ` Oleksandr
2022-04-14 19:19 ` [RFC PATCH 3/6] dt-bindings: xen: Add xen,dev-domid property description for xen-virtio layer Oleksandr Tyshchenko
2022-04-14 19:19 ` [RFC PATCH 3/6] dt-bindings: xen: Add xen, dev-domid " Oleksandr Tyshchenko
2022-04-15 22:01 ` [RFC PATCH 3/6] dt-bindings: xen: Add xen,dev-domid " Stefano Stabellini
2022-04-15 22:01 ` Stefano Stabellini
2022-04-17 17:24 ` Oleksandr
2022-04-17 17:24 ` Oleksandr
2022-04-14 19:19 ` [RFC PATCH 4/6] virtio: Various updates to xen-virtio DMA ops layer Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-15 22:02 ` Stefano Stabellini
2022-04-15 22:02 ` Stefano Stabellini
2022-04-17 18:21 ` Oleksandr
2022-04-17 18:21 ` Oleksandr
2022-04-18 19:11 ` Stefano Stabellini [this message]
2022-04-18 19:11 ` Stefano Stabellini
2022-04-19 6:58 ` Juergen Gross
2022-04-19 6:58 ` Juergen Gross
2022-04-19 7:07 ` Oleksandr
2022-04-19 7:07 ` Oleksandr
2022-04-16 6:05 ` Christoph Hellwig
2022-04-16 6:05 ` Christoph Hellwig
2022-04-17 18:39 ` Oleksandr
2022-04-17 18:39 ` Oleksandr
2022-04-14 19:19 ` [RFC PATCH 5/6] arm/xen: Introduce xen_setup_dma_ops() Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-15 22:02 ` Stefano Stabellini
2022-04-15 22:02 ` Stefano Stabellini
2022-04-17 18:43 ` Oleksandr
2022-04-17 18:43 ` Oleksandr
2022-04-14 19:19 ` [RFC PATCH 6/6] arm/xen: Assign xen-virtio DMA ops for virtio devices in Xen guests Oleksandr Tyshchenko
2022-04-14 19:19 ` Oleksandr Tyshchenko
2022-04-15 22:02 ` Stefano Stabellini
2022-04-15 22:02 ` Stefano Stabellini
2022-04-16 6:07 ` Christoph Hellwig
2022-04-16 6:07 ` Christoph Hellwig
2022-04-17 21:05 ` Oleksandr
2022-04-17 21:05 ` Oleksandr
2022-04-18 19:11 ` Stefano Stabellini
2022-04-18 19:11 ` Stefano Stabellini
2022-04-19 12:17 ` Oleksandr
2022-04-19 12:17 ` Oleksandr
2022-04-19 14:48 ` Juergen Gross
2022-04-19 14:48 ` Juergen Gross
2022-04-19 17:11 ` Oleksandr
2022-04-19 17:11 ` Oleksandr
2022-04-20 0:23 ` Stefano Stabellini
2022-04-20 0:23 ` Stefano Stabellini
2022-04-20 9:00 ` Oleksandr
2022-04-20 9:00 ` Oleksandr
2022-04-20 22:49 ` Stefano Stabellini
2022-04-20 22:49 ` Stefano Stabellini
2022-04-17 19:20 ` Oleksandr
2022-04-17 19:20 ` Oleksandr
2022-04-15 7:41 ` [RFC PATCH 0/6] virtio: Solution to restrict memory access under Xen using xen-virtio DMA ops layer Christoph Hellwig
2022-04-15 7:41 ` Christoph Hellwig
2022-04-15 7:41 ` Christoph Hellwig
2022-04-15 10:04 ` Oleksandr
2022-04-15 10:04 ` Oleksandr
2022-04-15 8:44 ` Michael S. Tsirkin
2022-04-15 8:44 ` Michael S. Tsirkin
2022-04-15 8:44 ` Michael S. Tsirkin
2022-04-15 15:29 ` Oleksandr
2022-04-15 15:29 ` Oleksandr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.22.394.2204181156280.915916@ubuntu-linux-20-04-desktop \
--to=sstabellini@kernel.org \
--cc=boris.ostrovsky@oracle.com \
--cc=hch@infradead.org \
--cc=jgross@suse.com \
--cc=julien@xen.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=mst@redhat.com \
--cc=oleksandr_tyshchenko@epam.com \
--cc=olekstysh@gmail.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.