| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Apr 2022 13:43:44 -0400
From: Matthew Rosato <mjrosato@...ux.ibm.com>
To: linux-s390@...r.kernel.org
Cc: alex.williamson@...hat.com, cohuck@...hat.com,
schnelle@...ux.ibm.com, farman@...ux.ibm.com, pmorel@...ux.ibm.com,
borntraeger@...ux.ibm.com, hca@...ux.ibm.com, gor@...ux.ibm.com,
gerald.schaefer@...ux.ibm.com, agordeev@...ux.ibm.com,
svens@...ux.ibm.com, frankja@...ux.ibm.com, david@...hat.com,
imbrenda@...ux.ibm.com, vneethv@...ux.ibm.com,
oberpar@...ux.ibm.com, freude@...ux.ibm.com, thuth@...hat.com,
pasic@...ux.ibm.com, pbonzini@...hat.com, corbet@....net,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org
Subject: [PATCH v5 16/21] KVM: vfio: add s390x hook to register KVM guest designation
At the time a KVM is associated with a vfio group, s390x zPCI devices
must register a special guest indication (GISA designation) to allow
for the use of interpretive execution facilities. This indication is
used to ensure that only the specified KVM can interact with the device.
Similarly, the indication must be removed once the KVM is no longer
associated with the device.
This patch adds an s390-specific hook to invoke a KVM registration routine
for each device associated with the iommu group; in reality, it will be a
NOP for all but zPCI devices on s390x.
Signed-off-by: Matthew Rosato <mjrosato@...ux.ibm.com>
---
virt/kvm/vfio.c | 35 ++++++++++++++++++++++++++++++++++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/virt/kvm/vfio.c b/virt/kvm/vfio.c
index 8fcbc50221c2..2efe5be5a6ee 100644
--- a/virt/kvm/vfio.c
+++ b/virt/kvm/vfio.c
@@ -106,7 +106,7 @@ static bool kvm_vfio_group_is_coherent(struct vfio_group *vfio_group)
return ret > 0;
}
-#ifdef CONFIG_SPAPR_TCE_IOMMU
+#if defined(CONFIG_SPAPR_TCE_IOMMU) || defined(CONFIG_S390)
static int kvm_vfio_external_user_iommu_id(struct vfio_group *vfio_group)
{
int (*fn)(struct vfio_group *);
@@ -133,7 +133,9 @@ static struct iommu_group *kvm_vfio_group_get_iommu_group(
return iommu_group_get_by_id(group_id);
}
+#endif
+#ifdef CONFIG_SPAPR_TCE_IOMMU
static void kvm_spapr_tce_release_vfio_group(struct kvm *kvm,
struct vfio_group *vfio_group)
{
@@ -147,6 +149,24 @@ static void kvm_spapr_tce_release_vfio_group(struct kvm *kvm,
}
#endif
+#ifdef CONFIG_S390
+static int kvm_s390_register_kvm(struct vfio_group *vfio_group,
+ struct kvm *kvm)
+{
+ int rc;
+
+ struct iommu_group *grp = kvm_vfio_group_get_iommu_group(vfio_group);
+
+ if (WARN_ON_ONCE(!grp))
+ return -EPERM;
+
+ rc = iommu_group_for_each_dev(grp, kvm, kvm_s390_pci_register_kvm);
+ iommu_group_put(grp);
+
+ return rc;
+}
+#endif
+
/*
* Groups can use the same or different IOMMU domains. If the same then
* adding a new group may change the coherency of groups we've previously
@@ -223,6 +243,16 @@ static int kvm_vfio_set_group(struct kvm_device *dev, long attr, u64 arg)
return -ENOMEM;
}
+#ifdef CONFIG_S390
+ ret = kvm_s390_register_kvm(vfio_group, dev->kvm);
+ if (ret) {
+ kfree(kvg);
+ mutex_unlock(&kv->lock);
+ kvm_vfio_group_put_external_user(vfio_group);
+ return ret;
+ }
+#endif
+
list_add_tail(&kvg->node, &kv->group_list);
kvg->vfio_group = vfio_group;
@@ -258,6 +288,9 @@ static int kvm_vfio_set_group(struct kvm_device *dev, long attr, u64 arg)
#ifdef CONFIG_SPAPR_TCE_IOMMU
kvm_spapr_tce_release_vfio_group(dev->kvm,
kvg->vfio_group);
+#endif
+#ifdef CONFIG_S390
+ kvm_s390_register_kvm(vfio_group, NULL);
#endif
kvm_vfio_group_set_kvm(kvg->vfio_group, NULL);
kvm_vfio_group_put_external_user(kvg->vfio_group);
--
2.27.0
Powered by blists - more mailing lists