search for: force_dma_unencrypt

...> 1. Do all CPU families we care about (which are?) support IOMMU? Ex: > would it recognize an ARM thingie with SMMU? [1] In Message-ID: <6356ba7f-afab-75e1-05ff-4a22b88c610e at linux.ibm.com> (as answer to Jason) I modified the patch and propose to take care of this problem by using force_dma_unencrypted() inside virtio core instead of a S390 specific test. If we use force_dma_unencrypted(dev) to check if we must refuse a device without the VIRTIO_F_IOMMU_PLATFORM feature, we are safe: only architectures defining CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED will have to define force_dma_unencrypted(...

...ve the possibility to provide the device >> as argument and take actions depending it, this may answer Halil's >> concern. >> >> Regards, >> Pierre >> > > hum, in between I found another way which seems to me much better: > > We already have the force_dma_unencrypted() function available which > AFAIU is what we want for encrypted memory protection and is already > used by power and x86 SEV/SME in a way that seems AFAIU compatible > with our problem. > > Even DMA and IOMMU are different things, I think they should be used > together in o...

...ve the possibility to provide the device >> as argument and take actions depending it, this may answer Halil's >> concern. >> >> Regards, >> Pierre >> > > hum, in between I found another way which seems to me much better: > > We already have the force_dma_unencrypted() function available which > AFAIU is what we want for encrypted memory protection and is already > used by power and x86 SEV/SME in a way that seems AFAIU compatible > with our problem. > > Even DMA and IOMMU are different things, I think they should be used > together in o...

On Mon, 15 Jun 2020 11:01:55 +0800 Jason Wang <jasowang at redhat.com> wrote: > > hum, in between I found another way which seems to me much better: > > > > We already have the force_dma_unencrypted() function available which > > AFAIU is what we want for encrypted memory protection and is already > > used by power and x86 SEV/SME in a way that seems AFAIU compatible > > with our problem. > > > > Even DMA and IOMMU are different things, I think they should be...

...ude <asm/uv.h> > +#include <linux/virtio.h> arch/s390/mm/init.c including virtio.h looks a bit strange to me, but if Heiko and Vasily don't mind, neither do I. > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -162,6 +163,11 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +int arch_needs_iommu_platform(struct virtio_device *dev) Maybe prefixing the name with virtio_ would help provide the proper context. > +{ > + return is_prot_virt_guest(); > +} > + > /* protected virtu...

...ude <asm/uv.h> > +#include <linux/virtio.h> arch/s390/mm/init.c including virtio.h looks a bit strange to me, but if Heiko and Vasily don't mind, neither do I. > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -162,6 +163,11 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +int arch_needs_iommu_platform(struct virtio_device *dev) Maybe prefixing the name with virtio_ would help provide the proper context. > +{ > + return is_prot_virt_guest(); > +} > + > /* protected virtu...

On 2020-06-11 05:10, Jason Wang wrote: > > On 2020/6/10 ??9:11, Pierre Morel wrote: >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >> Signed-off-by: Pierre Morel <pmorel at

On 2020-06-11 05:10, Jason Wang wrote: > > On 2020/6/10 ??9:11, Pierre Morel wrote: >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >> Signed-off-by: Pierre Morel <pmorel at

...it.c > @@ -45,6 +45,7 @@ > #include <asm/kasan.h> > #include <asm/dma-mapping.h> > #include <asm/uv.h> > +#include <linux/virtio_config.h> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -161,6 +162,32 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +/* > + * arch_validate_virtio_features > + * @dev: the VIRTIO device being added > + * > + * Return an error if required features are missing on a guest running > + * with protected virtualization. > +...

...it.c > @@ -45,6 +45,7 @@ > #include <asm/kasan.h> > #include <asm/dma-mapping.h> > #include <asm/uv.h> > +#include <linux/virtio_config.h> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -161,6 +162,32 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +/* > + * arch_validate_virtio_features > + * @dev: the VIRTIO device being added > + * > + * Return an error if required features are missing on a guest running > + * with protected virtualization. > +...

...ude <asm/kasan.h> > > > #include <asm/dma-mapping.h> > > > #include <asm/uv.h> > > > +#include <linux/virtio_config.h> > > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > > @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev) > > > return is_prot_virt_guest(); > > > } > > > +/* > > > + * arch_validate_virtio_features > > > + * @dev: the VIRTIO device being added > > > + * > > > + * Return an error if required features are missing o...

...ude <asm/kasan.h> > > > #include <asm/dma-mapping.h> > > > #include <asm/uv.h> > > > +#include <linux/virtio_config.h> > > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > > @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev) > > > return is_prot_virt_guest(); > > > } > > > +/* > > > + * arch_validate_virtio_features > > > + * @dev: the VIRTIO device being added > > > + * > > > + * Return an error if required features are missing o...

An architecture protecting the guest memory against unauthorized host access may want to enforce VIRTIO I/O device protection through the use of VIRTIO_F_IOMMU_PLATFORM. Let's give a chance to the architecture to accept or not devices without VIRTIO_F_IOMMU_PLATFORM. Pierre Morel (1): s390: virtio: let arch accept devices without IOMMU feature arch/s390/mm/init.c | 6 ++++++

On Tue, 16 Jun 2020 12:52:50 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > On 2020-06-16 11:52, Halil Pasic wrote: > > On Mon, 15 Jun 2020 14:39:24 +0200 > > Pierre Morel <pmorel at linux.ibm.com> wrote: > >> @@ -162,6 +163,11 @@ bool force_dma_unencrypted(struct device *dev) > >> return is_prot_virt_guest(); > >> } > >> > >> +int arch_needs_iommu_platform(struct virtio_device *dev) > > > > Maybe prefixing the name with virtio_ would help provide the > > proper context. > > T...

...it.c > @@ -45,6 +45,7 @@ > #include <asm/kasan.h> > #include <asm/dma-mapping.h> > #include <asm/uv.h> > +#include <linux/virtio_config.h> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +/* > + * arch_validate_virtio_features > + * @dev: the VIRTIO device being added > + * > + * Return an error if required features are missing on a guest running > + * with protected virtualization. > +...

...it.c > @@ -45,6 +45,7 @@ > #include <asm/kasan.h> > #include <asm/dma-mapping.h> > #include <asm/uv.h> > +#include <linux/virtio_config.h> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +/* > + * arch_validate_virtio_features > + * @dev: the VIRTIO device being added > + * > + * Return an error if required features are missing on a guest running > + * with protected virtualization. > +...

An architecture protecting the guest memory against unauthorized host access may want to enforce VIRTIO I/O device protection through the use of VIRTIO_F_IOMMU_PLATFORM. Let's give a chance to the architecture to accept or not devices without VIRTIO_F_IOMMU_PLATFORM. Pierre Morel (1): s390: virtio: let arch accept devices without IOMMU feature arch/s390/mm/init.c | 6 ++++++

...exible. > > With a function, we also have the possibility to provide the device as > argument and take actions depending it, this may answer Halil's concern. > > Regards, > Pierre > hum, in between I found another way which seems to me much better: We already have the force_dma_unencrypted() function available which AFAIU is what we want for encrypted memory protection and is already used by power and x86 SEV/SME in a way that seems AFAIU compatible with our problem. Even DMA and IOMMU are different things, I think they should be used together in our case. What do you think?...

...; >> +#include <linux/virtio.h> > > arch/s390/mm/init.c including virtio.h looks a bit strange to me, but > if Heiko and Vasily don't mind, neither do I. Do we have a better place to install the hook? I though that since it is related to memory management and that, since force_dma_unencrypted already is there, it would be a good place. However, kvm-s390 is another candidate. > >> >> pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); >> >> @@ -162,6 +163,11 @@ bool force_dma_unencrypted(struct device *dev) >> return is_pro...

...390/mm/init.c > @@ -45,6 +45,7 @@ > #include <asm/kasan.h> > #include <asm/dma-mapping.h> > #include <asm/uv.h> > +#include <linux/virtio.h> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir); > > @@ -161,6 +162,11 @@ bool force_dma_unencrypted(struct device *dev) > return is_prot_virt_guest(); > } > > +int arch_needs_virtio_iommu_platform(struct virtio_device *dev) > +{ > + return is_prot_virt_guest(); > +} > + > /* protected virtualization */ > static void pv_init(void) Can we please stop dumping r...