From: Pierre Morel <pmorel@linux.ibm.com> To: linux-kernel@vger.kernel.org Cc: pasic@linux.ibm.com, borntraeger@de.ibm.com, frankja@linux.ibm.com, mst@redhat.com, jasowang@redhat.com, cohuck@redhat.com, kvm@vger.kernel.org, linux-s390@vger.kernel.org, virtualization@lists.linux-foundation.org, thomas.lendacky@amd.com, david@gibson.dropbear.id.au, linuxram@us.ibm.com, hca@linux.ibm.com, gor@linux.ibm.com Subject: [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection Date: Mon, 31 Aug 2020 11:09:46 +0200 [thread overview] Message-ID: <1598864986-13875-3-git-send-email-pmorel@linux.ibm.com> (raw) In-Reply-To: <1598864986-13875-1-git-send-email-pmorel@linux.ibm.com> If protected virtualization is active on s390, VIRTIO has only retricted access to the guest memory. Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's the case, preventing a host error on access attempt. Signed-off-by: Pierre Morel <pmorel@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> --- arch/s390/Kconfig | 1 + arch/s390/mm/init.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 9cfd8de907cb..c12422c26389 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -820,6 +820,7 @@ menu "Virtualization" config PROTECTED_VIRTUALIZATION_GUEST def_bool n prompt "Protected virtualization guest support" + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS help Select this option, if you want to be able to run this kernel as a protected virtualization KVM guest. diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c index 6dc7c3b60ef6..5f289ab1b0d2 100644 --- a/arch/s390/mm/init.c +++ b/arch/s390/mm/init.c @@ -161,6 +161,16 @@ bool force_dma_unencrypted(struct device *dev) return is_prot_virt_guest(); } +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS + +int arch_has_restricted_virtio_memory_access(void) +{ + return is_prot_virt_guest(); +} +EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access); + +#endif + /* protected virtualization */ static void pv_init(void) { -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Pierre Morel <pmorel@linux.ibm.com> To: linux-kernel@vger.kernel.org Cc: gor@linux.ibm.com, linux-s390@vger.kernel.org, frankja@linux.ibm.com, kvm@vger.kernel.org, mst@redhat.com, cohuck@redhat.com, linuxram@us.ibm.com, virtualization@lists.linux-foundation.org, pasic@linux.ibm.com, borntraeger@de.ibm.com, thomas.lendacky@amd.com, hca@linux.ibm.com, david@gibson.dropbear.id.au Subject: [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection Date: Mon, 31 Aug 2020 11:09:46 +0200 [thread overview] Message-ID: <1598864986-13875-3-git-send-email-pmorel@linux.ibm.com> (raw) In-Reply-To: <1598864986-13875-1-git-send-email-pmorel@linux.ibm.com> If protected virtualization is active on s390, VIRTIO has only retricted access to the guest memory. Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's the case, preventing a host error on access attempt. Signed-off-by: Pierre Morel <pmorel@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> --- arch/s390/Kconfig | 1 + arch/s390/mm/init.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 9cfd8de907cb..c12422c26389 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -820,6 +820,7 @@ menu "Virtualization" config PROTECTED_VIRTUALIZATION_GUEST def_bool n prompt "Protected virtualization guest support" + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS help Select this option, if you want to be able to run this kernel as a protected virtualization KVM guest. diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c index 6dc7c3b60ef6..5f289ab1b0d2 100644 --- a/arch/s390/mm/init.c +++ b/arch/s390/mm/init.c @@ -161,6 +161,16 @@ bool force_dma_unencrypted(struct device *dev) return is_prot_virt_guest(); } +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS + +int arch_has_restricted_virtio_memory_access(void) +{ + return is_prot_virt_guest(); +} +EXPORT_SYMBOL(arch_has_restricted_virtio_memory_access); + +#endif + /* protected virtualization */ static void pv_init(void) { -- 2.25.1 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2020-08-31 9:10 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-08-31 9:09 [PATCH v10 0/2] s390: virtio: let arch validate VIRTIO features Pierre Morel 2020-08-31 9:09 ` Pierre Morel 2020-08-31 9:09 ` [PATCH v10 1/2] virtio: let arch advertise guest's memory access restrictions Pierre Morel 2020-08-31 9:09 ` Pierre Morel 2020-08-31 9:09 ` Pierre Morel [this message] 2020-08-31 9:09 ` [PATCH v10 2/2] s390: virtio: PV needs VIRTIO I/O device protection Pierre Morel 2020-08-31 12:11 ` kernel test robot 2020-08-31 12:11 ` kernel test robot 2020-08-31 12:11 ` kernel test robot
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1598864986-13875-3-git-send-email-pmorel@linux.ibm.com \ --to=pmorel@linux.ibm.com \ --cc=borntraeger@de.ibm.com \ --cc=cohuck@redhat.com \ --cc=david@gibson.dropbear.id.au \ --cc=frankja@linux.ibm.com \ --cc=gor@linux.ibm.com \ --cc=hca@linux.ibm.com \ --cc=jasowang@redhat.com \ --cc=kvm@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-s390@vger.kernel.org \ --cc=linuxram@us.ibm.com \ --cc=mst@redhat.com \ --cc=pasic@linux.ibm.com \ --cc=thomas.lendacky@amd.com \ --cc=virtualization@lists.linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.