From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6D767C47082 for ; Fri, 4 Jun 2021 01:55:09 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4D983613E9 for ; Fri, 4 Jun 2021 01:55:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230092AbhFDB4x (ORCPT ); Thu, 3 Jun 2021 21:56:53 -0400 Received: from mga03.intel.com ([134.134.136.65]:1994 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229576AbhFDB4w (ORCPT ); Thu, 3 Jun 2021 21:56:52 -0400 IronPort-SDR: 3XnTYcmaQXOXeoxoe61ium6nHmJkVUFErW3Q4kNd4smIa/MZgi5XvM7jVEFDyFY/aO0tV0n6WL k4O9YqEpmUvA== X-IronPort-AV: E=McAfee;i="6200,9189,10004"; a="204229355" X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="204229355" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 18:54:58 -0700 IronPort-SDR: GIuUhVXRQGGXpdsR8TZ9byLZ0RpOG9Jow67XS70dt0XTNpfjTOwpdL3cfgXqwC33OJXkMLPV2G TVxuxMDYq99g== X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="550918837" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.209.7.237]) ([10.209.7.237]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 18:54:56 -0700 Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest To: Andy Lutomirski , mst@redhat.com Cc: Jason Wang , virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, the arch/x86 maintainers , sathyanarayanan.kuppuswamy@linux.intel.com, Josh Poimboeuf , Linux Kernel Mailing List References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-2-ak@linux.intel.com> <2b2dec75-a0c1-4013-ac49-a49f30d5ac3c@www.fastmail.com> <3159e1f4-77cd-e071-b6f2-a2bb83cfc69a@linux.intel.com> <884f34e0-fcd2-bb82-9e9e-4269823fa9b2@linux.intel.com> <308e7187-1ea7-49a7-1083-84cf8654f52a@kernel.org> From: Andi Kleen Message-ID: Date: Thu, 3 Jun 2021 18:54:54 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: <308e7187-1ea7-49a7-1083-84cf8654f52a@kernel.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > For most Linux drivers, a report that a misbehaving device can corrupt > host memory is a bug, not a feature. If a USB device can corrupt kernel > memory, that's a serious bug. If a USB-C device can corrupt kernel > memory, that's also a serious bug, although, sadly, we probably have > lots of these bugs. If a Firewire device can corrupt kernel memory, > news at 11. If a Bluetooth or WiFi peer can corrupt kernel memory, > people write sonnets about it and give it clever names. Why is virtio > special? Well for most cases it's pointless because they don't have any memory protection anyways. Why break compatibility if it does not buy you anything? Anyways if you want to enable the restricted mode for something else, it's easy to do. The cases where it matters seem to already work on it, like the user space virtio ring. My changes for boundary checking are enabled unconditionally anyways, as well as the other patchkits. > > This one: > > int arch_has_restricted_virtio_memory_access(void) > +{ > + return is_tdx_guest(); > +} > > I'm looking at a fairly recent kernel, and I don't see anything for s390 > wired up in vring_use_dma_api. It's not using vring_use_dma_api, but enforces the DMA API at virtio ring setup time, same as SEV/TDX. -Andi