From: Pierre Morel <pmorel@linux.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: pasic@linux.ibm.com, borntraeger@de.ibm.com,
frankja@linux.ibm.com, mst@redhat.com, jasowang@redhat.com,
cohuck@redhat.com, kvm@vger.kernel.org,
linux-s390@vger.kernel.org,
virtualization@lists.linux-foundation.org,
thomas.lendacky@amd.com, david@gibson.dropbear.id.au,
linuxram@us.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com
Subject: [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection
Date: Mon, 31 Aug 2020 11:09:46 +0200 [thread overview]
Message-ID: <1598864986-13875-3-git-send-email-pmorel@linux.ibm.com> (raw)
In-Reply-To: <1598864986-13875-1-git-send-email-pmorel@linux.ibm.com>
If protected virtualization is active on s390, VIRTIO has only retricted
access to the guest memory.
Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export
arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's
the case, preventing a host error on access attempt.
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
---
arch/s390/Kconfig | 1 +
arch/s390/mm/init.c | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 9cfd8de907cb..c12422c26389 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -820,6 +820,7 @@ menu "Virtualization"
config PROTECTED_VIRTUALIZATION_GUEST
def_bool n
prompt "Protected virtualization guest support"
+ select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
help
Select this option, if you want to be able to run this
kernel as a protected virtualization KVM guest.
diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
index 6dc7c3b60ef6..5f289ab1b0d2 100644
--- a/arch/s390/mm/init.c
+++ b/arch/s390/mm/init.c
@@ -161,6 +161,16 @@ bool force_dma_unencrypted(struct device *dev)
return is_prot_virt_guest();
}
+#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
+
+int arch_has_restricted_virtio_memory_access(void)
+{
+ return is_prot_virt_guest();
+}
+EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
+
+#endif
+
/* protected virtualization */
static void pv_init(void)
{
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Pierre Morel <pmorel@linux.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: gor@linux.ibm.com, linux-s390@vger.kernel.org,
frankja@linux.ibm.com, kvm@vger.kernel.org, mst@redhat.com,
cohuck@redhat.com, linuxram@us.ibm.com,
virtualization@lists.linux-foundation.org, pasic@linux.ibm.com,
borntraeger@de.ibm.com, thomas.lendacky@amd.com,
hca@linux.ibm.com, david@gibson.dropbear.id.au
Subject: [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection
Date: Mon, 31 Aug 2020 11:09:46 +0200 [thread overview]
Message-ID: <1598864986-13875-3-git-send-email-pmorel@linux.ibm.com> (raw)
In-Reply-To: <1598864986-13875-1-git-send-email-pmorel@linux.ibm.com>
If protected virtualization is active on s390, VIRTIO has only retricted
access to the guest memory.
Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export
arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's
the case, preventing a host error on access attempt.
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
---
arch/s390/Kconfig | 1 +
arch/s390/mm/init.c | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig
index 9cfd8de907cb..c12422c26389 100644
--- a/arch/s390/Kconfig
+++ b/arch/s390/Kconfig
@@ -820,6 +820,7 @@ menu "Virtualization"
config PROTECTED_VIRTUALIZATION_GUEST
def_bool n
prompt "Protected virtualization guest support"
+ select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
help
Select this option, if you want to be able to run this
kernel as a protected virtualization KVM guest.
diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
index 6dc7c3b60ef6..5f289ab1b0d2 100644
--- a/arch/s390/mm/init.c
+++ b/arch/s390/mm/init.c
@@ -161,6 +161,16 @@ bool force_dma_unencrypted(struct device *dev)
return is_prot_virt_guest();
}
+#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
+
+int arch_has_restricted_virtio_memory_access(void)
+{
+ return is_prot_virt_guest();
+}
+EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access);
+
+#endif
+
/* protected virtualization */
static void pv_init(void)
{
--
2.25.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2020-08-31 9:10 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-31 9:09 [PATCH v10 0/2] s390: virtio: let arch validate VIRTIO features Pierre Morel
2020-08-31 9:09 ` Pierre Morel
2020-08-31 9:09 ` [PATCH v10 1/2] virtio: let arch advertise guest's memory access restrictions Pierre Morel
2020-08-31 9:09 ` Pierre Morel
2020-08-31 9:09 ` Pierre Morel [this message]
2020-08-31 9:09 ` [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection Pierre Morel
2020-08-31 12:11 ` kernel test robot
2020-08-31 12:11 ` kernel test robot
2020-08-31 12:11 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1598864986-13875-3-git-send-email-pmorel@linux.ibm.com \
--to=pmorel@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=jasowang@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxram@us.ibm.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=thomas.lendacky@amd.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.