| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200716174603-mutt-send-email-mst@kernel.org>
Date: Thu, 16 Jul 2020 17:46:15 -0400
From: "Michael S. Tsirkin" <mst@...hat.com>
To: Christian Borntraeger <borntraeger@...ibm.com>
Cc: Jason Wang <jasowang@...hat.com>,
Pierre Morel <pmorel@...ux.ibm.com>,
linux-kernel@...r.kernel.org, pasic@...ux.ibm.com,
frankja@...ux.ibm.com, cohuck@...hat.com, kvm@...r.kernel.org,
linux-s390@...r.kernel.org,
virtualization@...ts.linux-foundation.org, thomas.lendacky@....com,
david@...son.dropbear.id.au, linuxram@...ibm.com,
hca@...ux.ibm.com, gor@...ux.ibm.com
Subject: Re: [PATCH v7 2/2] s390: virtio: PV needs VIRTIO I/O device
protection
On Thu, Jul 16, 2020 at 01:19:55PM +0200, Christian Borntraeger wrote:
>
>
> On 15.07.20 13:51, Michael S. Tsirkin wrote:
> > On Wed, Jul 15, 2020 at 06:16:59PM +0800, Jason Wang wrote:
> >>
> >> On 2020/7/15 下午5:50, Michael S. Tsirkin wrote:
> >>> On Wed, Jul 15, 2020 at 10:31:09AM +0200, Pierre Morel wrote:
> >>>> If protected virtualization is active on s390, the virtio queues are
> >>>> not accessible to the host, unless VIRTIO_F_IOMMU_PLATFORM has been
> >>>> negotiated. Use the new arch_validate_virtio_features() interface to
> >>>> fail probe if that's not the case, preventing a host error on access
> >>>> attempt.
> >>>>
> >>>> Signed-off-by: Pierre Morel <pmorel@...ux.ibm.com>
> >>>> Reviewed-by: Cornelia Huck <cohuck@...hat.com>
> >>>> Acked-by: Halil Pasic <pasic@...ux.ibm.com>
> >>>> Acked-by: Christian Borntraeger <borntraeger@...ibm.com>
> >>>> ---
> >>>> arch/s390/mm/init.c | 28 ++++++++++++++++++++++++++++
> >>>> 1 file changed, 28 insertions(+)
> >>>>
> >>>> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
> >>>> index 6dc7c3b60ef6..d39af6554d4f 100644
> >>>> --- a/arch/s390/mm/init.c
> >>>> +++ b/arch/s390/mm/init.c
> >>>> @@ -45,6 +45,7 @@
> >>>> #include <asm/kasan.h>
> >>>> #include <asm/dma-mapping.h>
> >>>> #include <asm/uv.h>
> >>>> +#include <linux/virtio_config.h>
> >>>> pgd_t swapper_pg_dir[PTRS_PER_PGD] __section(.bss..swapper_pg_dir);
> >>>> @@ -161,6 +162,33 @@ bool force_dma_unencrypted(struct device *dev)
> >>>> return is_prot_virt_guest();
> >>>> }
> >>>> +/*
> >>>> + * arch_validate_virtio_features
> >>>> + * @dev: the VIRTIO device being added
> >>>> + *
> >>>> + * Return an error if required features are missing on a guest running
> >>>> + * with protected virtualization.
> >>>> + */
> >>>> +int arch_validate_virtio_features(struct virtio_device *dev)
> >>>> +{
> >>>> + if (!is_prot_virt_guest())
> >>>> + return 0;
> >>>> +
> >>>> + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
> >>>> + dev_warn(&dev->dev,
> >>>> + "legacy virtio not supported with protected virtualization\n");
> >>>> + return -ENODEV;
> >>>> + }
> >>>> +
> >>>> + if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
> >>>> + dev_warn(&dev->dev,
> >>>> + "support for limited memory access required for protected virtualization\n");
> >>>> + return -ENODEV;
> >>>> + }
> >>>> +
> >>>> + return 0;
> >>>> +}
> >>>> +
> >>>> /* protected virtualization */
> >>>> static void pv_init(void)
> >>>> {
> >>> What bothers me here is that arch code depends on virtio now.
> >>> It works even with a modular virtio when functions are inline,
> >>> but it seems fragile: e.g. it breaks virtio as an out of tree module,
> >>> since layout of struct virtio_device can change.
> >>
>
> If you prefer that, we can simply create an arch/s390/kernel/virtio.c ?
How would that address the issues above?
Powered by blists - more mailing lists