similar to: [PATCH] s390: protvirt: virtio: Refuse device without IOMMU

On 2020-06-12 11:21, Pierre Morel wrote: > > > On 2020-06-11 05:10, Jason Wang wrote: >> >> On 2020/6/10 ??9:11, Pierre Morel wrote: >>> Protected Virtualisation protects the memory of the guest and >>> do not allow a the host to access all of its memory. >>> >>> Let's refuse a VIRTIO device which does not use IOMMU >>>

On 2020/6/12 ??7:38, Pierre Morel wrote: > > > On 2020-06-12 11:21, Pierre Morel wrote: >> >> >> On 2020-06-11 05:10, Jason Wang wrote: >>> >>> On 2020/6/10 ??9:11, Pierre Morel wrote: >>>> Protected Virtualisation protects the memory of the guest and >>>> do not allow a the host to access all of its memory. >>>>

On 2020/6/12 ??7:38, Pierre Morel wrote: > > > On 2020-06-12 11:21, Pierre Morel wrote: >> >> >> On 2020-06-11 05:10, Jason Wang wrote: >>> >>> On 2020/6/10 ??9:11, Pierre Morel wrote: >>>> Protected Virtualisation protects the memory of the guest and >>>> do not allow a the host to access all of its memory. >>>>

On 2020-06-11 05:10, Jason Wang wrote: > > On 2020/6/10 ??9:11, Pierre Morel wrote: >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >> Signed-off-by: Pierre Morel <pmorel at

On 2020-06-11 05:10, Jason Wang wrote: > > On 2020/6/10 ??9:11, Pierre Morel wrote: >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >> Signed-off-by: Pierre Morel <pmorel at

On 2020-06-10 15:24, Cornelia Huck wrote: > On Wed, 10 Jun 2020 15:11:51 +0200 > Pierre Morel <pmorel at linux.ibm.com> wrote: > >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >>

On 2020-06-10 15:24, Cornelia Huck wrote: > On Wed, 10 Jun 2020 15:11:51 +0200 > Pierre Morel <pmorel at linux.ibm.com> wrote: > >> Protected Virtualisation protects the memory of the guest and >> do not allow a the host to access all of its memory. >> >> Let's refuse a VIRTIO device which does not use IOMMU >> protected access. >> >>

On Mon, 15 Jun 2020 11:01:55 +0800 Jason Wang <jasowang at redhat.com> wrote: > > hum, in between I found another way which seems to me much better: > > > > We already have the force_dma_unencrypted() function available which > > AFAIU is what we want for encrypted memory protection and is already > > used by power and x86 SEV/SME in a way that seems AFAIU

Protected Virtualisation protects the memory of the guest and do not allow a the host to access all of its memory. Let's refuse a VIRTIO device which does not use IOMMU protected access. Signed-off-by: Pierre Morel <pmorel at linux.ibm.com> --- drivers/s390/virtio/virtio_ccw.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/s390/virtio/virtio_ccw.c

Protected Virtualisation protects the memory of the guest and do not allow a the host to access all of its memory. Let's refuse a VIRTIO device which does not use IOMMU protected access. Signed-off-by: Pierre Morel <pmorel at linux.ibm.com> --- drivers/s390/virtio/virtio_ccw.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/s390/virtio/virtio_ccw.c

On Wed, 10 Jun 2020 16:37:55 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > On 2020-06-10 15:24, Cornelia Huck wrote: > > On Wed, 10 Jun 2020 15:11:51 +0200 > > Pierre Morel <pmorel at linux.ibm.com> wrote: > > > >> Protected Virtualisation protects the memory of the guest and > >> do not allow a the host to access all of its memory.

On Wed, 10 Jun 2020 15:11:51 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > Protected Virtualisation protects the memory of the guest and > do not allow a the host to access all of its memory. > > Let's refuse a VIRTIO device which does not use IOMMU > protected access. > > Signed-off-by: Pierre Morel <pmorel at linux.ibm.com> > --- >

On 2020/6/10 ??9:11, Pierre Morel wrote: > Protected Virtualisation protects the memory of the guest and > do not allow a the host to access all of its memory. > > Let's refuse a VIRTIO device which does not use IOMMU > protected access. > > Signed-off-by: Pierre Morel <pmorel at linux.ibm.com> > --- > drivers/s390/virtio/virtio_ccw.c | 5 +++++ > 1 file

On 2020-06-16 11:52, Halil Pasic wrote: > On Mon, 15 Jun 2020 14:39:24 +0200 > Pierre Morel <pmorel at linux.ibm.com> wrote: > > I find the subject (commit short) sub optimal. The 'arch' is already > accepting devices 'without IOMMU feature'. What you are introducing is > the ability to reject. > >> An architecture protecting the guest memory

On 2020-06-17 13:22, Heiko Carstens wrote: > On Wed, Jun 17, 2020 at 12:43:57PM +0200, Pierre Morel wrote: >> An architecture protecting the guest memory against unauthorized host >> access may want to enforce VIRTIO I/O device protection through the >> use of VIRTIO_F_IOMMU_PLATFORM. >> >> Let's give a chance to the architecture to accept or not devices

On 2020-06-17 15:36, Tom Lendacky wrote: > On 6/17/20 5:43 AM, Pierre Morel wrote: >> An architecture protecting the guest memory against unauthorized host >> access may want to enforce VIRTIO I/O device protection through the >> use of VIRTIO_F_IOMMU_PLATFORM. >> >> Let's give a chance to the architecture to accept or not devices >> without

On 2020-07-09 10:57, Cornelia Huck wrote: > On Thu, 9 Jul 2020 10:39:19 +0200 > Pierre Morel <pmorel at linux.ibm.com> wrote: > >> If protected virtualization is active on s390, the virtio queues are >> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been >> negotiated. Use the new arch_validate_virtio_features() interface to >> fail probe if

On 2020-06-16 08:55, Christian Borntraeger wrote: > > > On 15.06.20 14:39, Pierre Morel wrote: >> An architecture protecting the guest memory against unauthorized host >> access may want to enforce VIRTIO I/O device protection through the >> use of VIRTIO_F_IOMMU_PLATFORM. >> >> Let's give a chance to the architecture to accept or not devices >>

gentle ping. On 2020-07-15 13:51, Michael S. Tsirkin wrote: > On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote: >> >> On 2020/7/15 ??5:50, Michael S. Tsirkin wrote: >>> On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote: >>>> If protected virtualization is active on s390, the virtio queues are >>>> not accessible to the host,

On Tue, 16 Jun 2020 12:52:50 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > On 2020-06-16 11:52, Halil Pasic wrote: > > On Mon, 15 Jun 2020 14:39:24 +0200 > > Pierre Morel <pmorel at linux.ibm.com> wrote: > >> @@ -162,6 +163,11 @@ bool force_dma_unencrypted(struct device *dev) > >> return is_prot_virt_guest(); > >> } > >>