Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp734312pxj; Thu, 3 Jun 2021 18:56:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy3b2IQ7XehuPh869bB7LvBDwxjZxv5i//M3KW9XiiCDy6tBjXfeRTZRMvJrq+S3dIVxeG6 X-Received: by 2002:a17:906:848:: with SMTP id f8mr1896979ejd.198.1622771800810; Thu, 03 Jun 2021 18:56:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622771800; cv=none; d=google.com; s=arc-20160816; b=DEWIQfNJjno72TXjEHsgVPrleJS+9J6PeTf7k7W3/eNeFviRqTk9gIJPuqbKbfR6/t PuX7EIa8060/Q77OhtWT5R3pLSH9eY+DMPkw+2IdEHQ78kT/xaf34xVe4SeSGgIx5OmM CJtDPq0trv91/7zh0rpPTq75i98X4DR6SY9kvt8ECFBAbChdRG8pqD3he32aozNQvJqJ bU11Ibnn3iHui6Xv4GPmsLpGTAzeXZXfu9Ta1CZSggFybPHVKZQge3aoWlSq10j7UrC7 hTRjLN3mg1v0F2IcYWB3KwlicrLmTwS/1Bmyr586t2L44G0HA2rMJSDkYD+J1sJ0w3jL NXCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:ironport-sdr:ironport-sdr; bh=3zJ+oHx9PfzB/Ubzrwrz/IxVG8tV7aFpfcFnw9nmQr8=; b=YCCFjWG87DinFfRWCII26jUNMOFThFsmmclu63AlJVsHvoUD8/uHtlHvx6xdCEYhbS CoMe2hzOC2dyP67RAKloXFJXQ7AL/llmZAQvaCP9akDkqsHNgH4eHXUB4XJ5PZU5vNvd JEV4ifs7fHeun+Ubz6j/ZNy8mVHfXj+zLQSmisdyPLXyXBwDCgME5QIMWx0iQY452Tfb edk2AAfIPhg9tXSgvjXdn7a8Ha3s6bFwMbnRui25uN7RQoGoK/0eiJdhRisVZS82pQOk jVQiH6LdJYUiPMF3N4L7n3nqdNb41chH2qmSIiL6xONw9XKYuRkhB/tcb2dTkb7DBOMq Akpg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s23si3567704edt.365.2021.06.03.18.56.17; Thu, 03 Jun 2021 18:56:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbhFDB4w (ORCPT + 99 others); Thu, 3 Jun 2021 21:56:52 -0400 Received: from mga03.intel.com ([134.134.136.65]:1994 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229576AbhFDB4w (ORCPT ); Thu, 3 Jun 2021 21:56:52 -0400 IronPort-SDR: 3XnTYcmaQXOXeoxoe61ium6nHmJkVUFErW3Q4kNd4smIa/MZgi5XvM7jVEFDyFY/aO0tV0n6WL k4O9YqEpmUvA== X-IronPort-AV: E=McAfee;i="6200,9189,10004"; a="204229355" X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="204229355" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 18:54:58 -0700 IronPort-SDR: GIuUhVXRQGGXpdsR8TZ9byLZ0RpOG9Jow67XS70dt0XTNpfjTOwpdL3cfgXqwC33OJXkMLPV2G TVxuxMDYq99g== X-IronPort-AV: E=Sophos;i="5.83,246,1616482800"; d="scan'208";a="550918837" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.209.7.237]) ([10.209.7.237]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jun 2021 18:54:56 -0700 Subject: Re: [PATCH v1 1/8] virtio: Force only split mode with protected guest To: Andy Lutomirski , mst@redhat.com Cc: Jason Wang , virtualization@lists.linux-foundation.org, hch@lst.de, m.szyprowski@samsung.com, robin.murphy@arm.com, iommu@lists.linux-foundation.org, the arch/x86 maintainers , sathyanarayanan.kuppuswamy@linux.intel.com, Josh Poimboeuf , Linux Kernel Mailing List References: <20210603004133.4079390-1-ak@linux.intel.com> <20210603004133.4079390-2-ak@linux.intel.com> <2b2dec75-a0c1-4013-ac49-a49f30d5ac3c@www.fastmail.com> <3159e1f4-77cd-e071-b6f2-a2bb83cfc69a@linux.intel.com> <884f34e0-fcd2-bb82-9e9e-4269823fa9b2@linux.intel.com> <308e7187-1ea7-49a7-1083-84cf8654f52a@kernel.org> From: Andi Kleen Message-ID: Date: Thu, 3 Jun 2021 18:54:54 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: <308e7187-1ea7-49a7-1083-84cf8654f52a@kernel.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > For most Linux drivers, a report that a misbehaving device can corrupt > host memory is a bug, not a feature. If a USB device can corrupt kernel > memory, that's a serious bug. If a USB-C device can corrupt kernel > memory, that's also a serious bug, although, sadly, we probably have > lots of these bugs. If a Firewire device can corrupt kernel memory, > news at 11. If a Bluetooth or WiFi peer can corrupt kernel memory, > people write sonnets about it and give it clever names. Why is virtio > special? Well for most cases it's pointless because they don't have any memory protection anyways. Why break compatibility if it does not buy you anything? Anyways if you want to enable the restricted mode for something else, it's easy to do. The cases where it matters seem to already work on it, like the user space virtio ring. My changes for boundary checking are enabled unconditionally anyways, as well as the other patchkits. > > This one: > > int arch_has_restricted_virtio_memory_access(void) > +{ > + return is_tdx_guest(); > +} > > I'm looking at a fairly recent kernel, and I don't see anything for s390 > wired up in vring_use_dma_api. It's not using vring_use_dma_api, but enforces the DMA API at virtio ring setup time, same as SEV/TDX. -Andi