From: "tip-bot2 for Tom Lendacky" <tip-bot2@linutronix.de>
To: linux-tip-commits@vger.kernel.org
Cc: kernel test robot <lkp@intel.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Borislav Petkov <bp@suse.de>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [tip: x86/seves] x86/virtio: Have SEV guests enforce restricted virtio memory access
Date: Mon, 08 Mar 2021 19:45:16 -0000
Message-ID: <161523271617.398.12783069066955429974.tip-bot2@tip-bot2>
In-Reply-To: <b46e0211f77ca1831f11132f969d470a6ffc9267.1614897610.git.thomas.lendacky@amd.com>

The following commit has been merged into the x86/seves branch of tip:

Commit-ID: 229164175ff0c61ff581e6bf37fbfcb608b6e9bb
Gitweb: https://git.kernel.org/tip/229164175ff0c61ff581e6bf37fbfcb608b6e9bb
Author: Tom Lendacky <thomas.lendacky@amd.com>
AuthorDate: Thu, 04 Mar 2021 16:40:11 -06:00
Committer: Borislav Petkov <bp@suse.de>
CommitterDate: Mon, 08 Mar 2021 20:41:33 +01:00

x86/virtio: Have SEV guests enforce restricted virtio memory access

An SEV guest requires that virtio devices use the DMA API to allow the
hypervisor to successfully access guest memory as needed.

The VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM features tell virtio
to use the DMA API. Add arch_has_restricted_virtio_memory_access() for
x86, to fail the device probe if these features have not been set for the
device when running as an SEV guest.

 [ bp: Fix -Wmissing-prototypes warning
   Reported-by: kernel test robot <lkp@intel.com> ]

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/b46e0211f77ca1831f11132f969d470a6ffc9267.1614897610.git.thomas.lendacky@amd.com
---
arch/x86/Kconfig | 1 +
arch/x86/mm/mem_encrypt.c | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 2792879..e80e726 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1518,6 +1518,7 @@ config AMD_MEM_ENCRYPT
select ARCH_USE_MEMREMAP_PROT
select ARCH_HAS_FORCE_DMA_UNENCRYPTED
select INSTRUCTION_DECODER
+ select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
help
Say yes to enable support for the encryption of system memory.
This requires an AMD processor that supports Secure Memory
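Review bot: The visible part of the help text under `config AMD_MEM_ENCRYPT` stays as it was, although the new `select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS` changes which virtio devices a guest built with this option will accept. Per the commit message, an SEV guest now fails the probe of a virtio device that does not have VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM set. A sentence to that effect in the help text would tell whoever enables this option why a virtio device that used to probe no longer does, and that the fix is on the device configuration side.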
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 4b01f7d..f3eb53f 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -19,6 +19,7 @@
#include <linux/kernel.h>
#include <linux/bitops.h>
#include <linux/dma-mapping.h>
+#include <linux/virtio_config.h>
#include <asm/tlbflush.h>
#include <asm/fixmap.h>
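Review bot: Nothing in the visible lines of mem_encrypt.c uses a virtio type or macro, so the added `#include <linux/virtio_config.h>` appears to exist only to declare arch_has_restricted_virtio_memory_access(), which fits the "Fix -Wmissing-prototypes warning" note in the commit message. That note should name the include as the fix, so that a later header cleanup does not drop it as unused and bring the warning back.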
@@ -484,3 +485,8 @@ void __init mem_encrypt_init(void)
print_mem_encrypt_feature_info();
}
+int arch_has_restricted_virtio_memory_access(void)
+{
+ return sev_active();
+}
+EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access);
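Review bot: `arch_has_restricted_virtio_memory_access()` is added with no comment stating its contract, and it returns `int` for what is a yes/no answer. A short comment above the function should say that a nonzero return makes virtio fail the probe of devices that do not have VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM set, as the commit message describes, since a reader of mem_encrypt.c otherwise sees only `return sev_active();` with no hint of the consequence. If the prototype in linux/virtio_config.h allows it, `bool` would state the intent more directly than `int`.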