similar to: [PATCH v12 0/2] s390: virtio: let arch validate VIRTIO features

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. The tests are back to virtio_finalize_features. No more argument for the architecture callback which only reports if the architecture needs guest memory access restrictions for VIRTIO. I renamed the callback to arch_has_restricted_virtio_memory_access, the config option to

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. The tests are back to virtio_finalize_features. No more argument for the architecture callback which only reports if the architecture needs guest memory access restrictions for VIRTIO. I renamed the callback to arch_has_restricted_virtio_memory_access, the config option to

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. in this respin: The tests are back to virtio_finalize_features. No more argument for the architecture callback which only reports if the architecture needs guest memory access restrictions for VIRTIO. I renamed the callback to arch_has_restricted_virtio_memory_access, and the config

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. The tests are back to virtio_finalize_features. No more argument for the architecture callback which only reports if the architecture needs guest memory access restrictions for VIRTIO. I renamed the callback to arch_has_restricted_virtio_memory_access, and the config option to

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. in this respin: I use the original idea from Connie for an optional arch_has_restricted_memory_access. I renamed the callback accordingly, added the definition of ARCH_HAS_RESTRICTED_MEMORY_ACCESS inside the VIRTIO Kconfig and the selection in the PROTECTED_VIRTUALIZATION_GUEST config

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. in this respin: 1) I kept removed the ack from Jason as I reworked the patch @Jason, the nature and goal of the patch did not really changed please can I get back your acked-by with these changes? 2) Rewording for warning messages Regards, Pierre Pierre Morel (2):

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. in this respin: 1) I kept removed the ack from Jason as I reworked the patch @Jason, the nature and goal of the patch did not really changed please can I get back your acked-by with these changes? 2) Rewording for warning messages Regards, Pierre Pierre Morel (2):

Hi all, The goal of the series is to give a chance to the architecture to validate VIRTIO device features. in this respin: 1) I kept removed the ack from Jason as I reworked the patch @Jason, the nature and goal of the patch did not really changed please can I get back your acked-by with these changes? 2) I suppressed the unnecessary verbosity of the architecture specific

Hi all, I changed the patch subject to reflect the content, becoming more general. 1) I removed the ack from Christian and Jason even far as I understand they gave it for the functionality more than for the implementation. @Jason, @Christian, please can I get back your acked-by with these changes? 2) previous patch had another name: [PATCH v3 0/1] s390: virtio: let arch choose to

On Wed, 19 Aug 2020 18:23:17 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > An architecture may restrict host access to guest memory. "e.g. IBM s390 Secure Execution or AMD SEV" Just to make clearer what you are referring to? > > Provide a new Kconfig entry the architecture can select, > CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, when it provides >

On Wed, 19 Aug 2020 18:23:18 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > If protected virtualization is active on s390, VIRTIO has retricted s/retricted/only restricted/ > access to the guest memory. > Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export > arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's > the case,

An architecture protecting the guest memory against unauthorized host access may want to enforce VIRTIO I/O device protection through the use of VIRTIO_F_IOMMU_PLATFORM. Let's give a chance to the architecture to accept or not devices without VIRTIO_F_IOMMU_PLATFORM. Pierre Morel (1): s390: virtio: let arch accept devices without IOMMU feature arch/s390/mm/init.c | 6 ++++++

On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote: > > On 2020/7/15 ??5:50, Michael S. Tsirkin wrote: > > On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote: > > > If protected virtualization is active on s390, the virtio queues are > > > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > > > negotiated. Use the new

On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote: > > On 2020/7/15 ??5:50, Michael S. Tsirkin wrote: > > On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote: > > > If protected virtualization is active on s390, the virtio queues are > > > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > > > negotiated. Use the new

On Thu, 9 Jul 2020 10:39:19 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > If protected virtualization is active on s390, the virtio queues are > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > negotiated. Use the new arch_validate_virtio_features() interface to > fail probe if that's not the case, preventing a host error on access > attempt

On Thu, 9 Jul 2020 10:39:19 +0200 Pierre Morel <pmorel at linux.ibm.com> wrote: > If protected virtualization is active on s390, the virtio queues are > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > negotiated. Use the new arch_validate_virtio_features() interface to > fail probe if that's not the case, preventing a host error on access > attempt

On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote: > If protected virtualization is active on s390, the virtio queues are > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > negotiated. Use the new arch_validate_virtio_features() interface to > fail probe if that's not the case, preventing a host error on access > attempt. > > Signed-off-by:

On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote: > If protected virtualization is active on s390, the virtio queues are > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been > negotiated. Use the new arch_validate_virtio_features() interface to > fail probe if that's not the case, preventing a host error on access > attempt. > > Signed-off-by:

On 2020/6/12 ??7:38, Pierre Morel wrote: > > > On 2020-06-12 11:21, Pierre Morel wrote: >> >> >> On 2020-06-11 05:10, Jason Wang wrote: >>> >>> On 2020/6/10 ??9:11, Pierre Morel wrote: >>>> Protected Virtualisation protects the memory of the guest and >>>> do not allow a the host to access all of its memory. >>>>

On 2020/6/12 ??7:38, Pierre Morel wrote: > > > On 2020-06-12 11:21, Pierre Morel wrote: >> >> >> On 2020-06-11 05:10, Jason Wang wrote: >>> >>> On 2020/6/10 ??9:11, Pierre Morel wrote: >>>> Protected Virtualisation protects the memory of the guest and >>>> do not allow a the host to access all of its memory. >>>>