| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jul 2020 07:51:28 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Jason Wang <jasowang@...hat.com>
Cc: Pierre Morel <pmorel@...ux.ibm.com>, linux-kernel@...r.kernel.org,
pasic@...ux.ibm.com, borntraeger@...ibm.com, frankja@...ux.ibm.com,
cohuck@...hat.com, kvm@...r.kernel.org, linux-s390@...r.kernel.org,
virtualization@...ts.linux-foundation.org, thomas.lendacky@....com,
david@...son.dropbear.id.au, linuxram@...ibm.com,
hca@...ux.ibm.com, gor@...ux.ibm.com
Subject: Re: [PATCH v7 2/2] s390: virtio: PV needs VIRTIO I/O device
protection
On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote:
>
> On 2020/7/15 下午5:50, Michael S. Tsirkin wrote:
> > On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote:
> > > If protected virtualization is active on s390, the virtio queues are
> > > not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
> > > negotiated. Use the new arch_validate_virtio_features() interface to
> > > fail probe if that's not the case, preventing a host error on access
> > > attempt.
> > >
> > > Signed-off-by: Pierre Morel <pmorel@...ux.ibm.com>
> > > Reviewed-by: Cornelia Huck <cohuck@...hat.com>
> > > Acked-by: Halil Pasic <pasic@...ux.ibm.com>
> > > Acked-by: Christian Borntraeger <borntraeger@...ibm.com>
> > > ---
> > > arch/s390/mm/init.c | 28 ++++++++++++++++++++++++++++
> > > 1 file changed, 28 insertions(+)
> > >
> > > diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
> > > index 6dc7c3b60ef6..d39af6554d4f 100644
> > > --- a/arch/s390/mm/init.c
> > > +++ b/arch/s390/mm/init.c
> > > @@ -45,6 +45,7 @@
> > > #include <asm/kasan.h>
> > > #include <asm/dma-mapping.h>
> > > #include <asm/uv.h>
> > > +#include <linux/virtio_config.h>
> > > pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir);
> > > @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev)
> > > return is_prot_virt_guest();
> > > }
> > > +/*
> > > + * arch_validate_virtio_features
> > > + * @dev: the VIRTIO device being added
> > > + *
> > > + * Return an error if required features are missing on a guest running
> > > + * with protected virtualization.
> > > + */
> > > +int arch_validate_virtio_features(struct virtio_device *dev)
> > > +{
> > > + if (!is_prot_virt_guest())
> > > + return 0;
> > > +
> > > + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
> > > + dev_warn(&dev->dev,
> > > + "legacy virtio not supported with protected virtualization\n");
> > > + return -ENODEV;
> > > + }
> > > +
> > > + if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
> > > + dev_warn(&dev->dev,
> > > + "support for limited memory access required for protected virtualization\n");
> > > + return -ENODEV;
> > > + }
> > > +
> > > + return 0;
> > > +}
> > > +
> > > /* protected virtualization */
> > > static void pv_init(void)
> > > {
> > What bothers me here is that arch code depends on virtio now.
> > It works even with a modular virtio when functions are inline,
> > but it seems fragile: e.g. it breaks virtio as an out of tree module,
> > since layout of struct virtio_device can change.
>
>
> The code was only called from virtio.c so it should be fine.
>
> And my understanding is that we don't need to care about the kABI issue
> during upstream development?
>
> Thanks
No, but so far it has been convenient at least for me, for development,
to just be able to unload all of virtio and load a different version.
>
> >
> > I'm not sure what to do with this yet, will try to think about it
> > over the weekend. Thanks!
> >
> >
> > > --
> > > 2.25.1
Powered by blists - more mailing lists