Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp975559pxb; Wed, 27 Oct 2021 16:30:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwvt00E1t/h6/c78KDR0PUaIhweN0YUvfHCVqxJgjeaKTPwEN4bXlVBTRe0CHHLJLDESBvo X-Received: by 2002:a17:902:ce85:b0:13e:dfc0:139 with SMTP id f5-20020a170902ce8500b0013edfc00139mr538397plg.80.1635377404989; Wed, 27 Oct 2021 16:30:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635377404; cv=none; d=google.com; s=arc-20160816; b=TbxLzZJWnsva5fCP1tyq1RZVsHbIv+0KfzpIBxO7XOuMbgH1IX6FGab383WLl/7Rh4 pnUV8QSPXH23Zri24LBNyZ0EBjJIgc7q3o1znm9lo5x1k6GAq86EgoFALeJ1uwg1qBv/ dtUJewrF3l1MshP44RpbRIA4DpNUPjCxGu0T/Y4XcYuqPWQn1F20SuKqXraWZ/qP1i8V e1LC0K5R0v/OyqytjEsaOHXXxl9NWF0cBE9Y+qmKbwh3/Wmtarfi3915ylmMCDti7o1H /QszZzMUZL6yYdvUxUks8bIAaCAYA0sK35fgr7M41SzMsi/yrILMmSNNCGsaugTYtzYr ZxHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:mime-version:message-id:date :dkim-signature; bh=uDDw3N5CBHxN32c5VspvkYKtdupefenssD38+djE0Js=; b=tHjUJ6e1tZz+HD0S44UvLBbIyR+AqXZPOaB8uajTNq7ysAsBzDNl9OU88qCn1rzs/T y7DauFCRo8gN1cqyUVoASYgKX0/Wb3+WJUrJeOlp1qqPBXgxAFrwTzjmXISY4J4hexet 8l4hS5yb3TTt+eHOlVXXoPd0XspvBWbtpNRFkdqj35SVyx1bm3sTLDMxe5TE1V0egrw9 afH3sUqQUpwRJVyFInGK8Y2Zi7TB/zhlbcn4e8g26XWNf4Nxx3MAi5v+A3AjcsM5xqWR Pn2nmuBQHpFpdxlMIDT2YfccBZi06pL1PEJQ2kxRiYl2l/jKPV3T7bxQYtdWk01wannU O3xQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=P4EX9mgT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id mp9si1566547pjb.182.2021.10.27.16.29.52; Wed, 27 Oct 2021 16:30:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=P4EX9mgT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229486AbhJ0XbQ (ORCPT + 99 others); Wed, 27 Oct 2021 19:31:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54930 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbhJ0XbP (ORCPT ); Wed, 27 Oct 2021 19:31:15 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC0B1C061570 for ; Wed, 27 Oct 2021 16:28:49 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id w4-20020a1709029a8400b00138e222b06aso1783600plp.12 for ; Wed, 27 Oct 2021 16:28:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:message-id:mime-version:subject:from:to:cc; bh=uDDw3N5CBHxN32c5VspvkYKtdupefenssD38+djE0Js=; b=P4EX9mgT725zotWLAJ/xneDIPXR7OXLeYE3WwQOc1ez7NAdyFSe2zdkFoV2RUn1ekO x/AM6panIleqYWTm/gdai2XwFoI86mCR4WlEusAdMmva5OqUUR6XcErRMtXXevGQsFIs 4Y4hog8D/58ddpF3SO0kNMp5ZqudZJQ2QKckK+BKEJlC0enHbIT5I7aVR5lsbogINcP/ PAoc5OCUeDqPs+ebz23t+sSvSm80ClDVgMhV4+6ADCl8bkDyp8hz5LF6PfY06jLlVZ3b 8j8NvTOHNkf7PLDMMsoNTNcVPrLwR5NmoPVleTYR1SSvmslc/G7lwrarOkzsCeyJW1RN Rcow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=uDDw3N5CBHxN32c5VspvkYKtdupefenssD38+djE0Js=; b=oKsC0sxHTPu6nDhatk1V8tEBo/1P08kKeLxvXAi9Y5MnR7I975qeKIJM3zKt6myWtV SgPQKzZRvN5PaOaKO4RW57UoLGAqRxJfTx56SUVrb7KjMtn6rUTsZhZ+v9cGgEwOvMKY nJXfdVjA+XFWIeSUXYK8S1BbVuVjjzp9vOj9MWkGytZjH9DWdiPLP2NhD0eXb0Qa3p3N KujFM/L/OQ3WGZhzIfzadiW1HvQHtYYHn9U7DG45FUoBMSNL6sNiMtcbvGkMHk2sW442 M0CZTgJeDgKP9458ajvc08QK9YsisZXsOzNccMExpxiEMvz8BDb3gviGnGPEsdiIg7HU tLXA== X-Gm-Message-State: AOAM532uo+pcDowTxuI/ij3tPurIjyOGHk3H3lC0ld/V2XJQUZCFmMcM 0lQ+AK7U021iPsgM1chHZW5m67jwZijr1tVxYfxMMTywPOTb6ShEZb0CqjU/9H9tgwckm9sLgBb u4Ixz7xjzfDAw8sMSwORYEDDVq9+4P0j/i2Cknvp871irRzPFS0RMkA6x6B+OIuSDaeaXIzfxc4 qCD7UT X-Received: from nehir.kir.corp.google.com ([2620:15c:29:204:9e0:c169:7f1:2eaa]) (user=erdemaktas job=sendgmr) by 2002:a05:6a00:1897:b0:47c:3554:52eb with SMTP id x23-20020a056a00189700b0047c355452ebmr712483pfh.22.1635377329353; Wed, 27 Oct 2021 16:28:49 -0700 (PDT) Date: Wed, 27 Oct 2021 16:28:28 -0700 Message-Id: <20211027232828.2043569-1-erdemaktas@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog Subject: [RFC] Add DMA_API support for Virtio devices earlier than VirtIO 1.0 From: Erdem Aktas To: linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org Cc: Erdem Aktas , "Michael S. Tsirkin" , Jason Wang Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Enable DMA_API for any VirtIO device earlier than Virtio 1.0 which is the only way for those devices to be configured correctly when memory access is retricted. Virtio devices can use DMA_API to translate guest phsical addresses to device physical addresses if VIRTIO_F_ACCESS_PLATFORM feature is set while the device is being initialized. VIRTIO_F_ACCESS_PLATFORM feature is only supported in VirtIO 1.0 and later devices. This prevents any device using an earlier VirtIO version than Virtio 1.0 to be attached when memory access is restricted ie memory encryption features (AMD SEV [ES/SNP], Intel TDX, etc..) are enabled. Signed-off-by: Erdem Aktas --- I have tested the this patch using linux-stable.git head, 5.15.0-rc6 kernel and scsi disk with virtio 0.95 version with legacy VM and Confidential VM (AMD SEV). I want to get feedback if there is any risk or downside of enabling DMA_API on older virtio drivers when memory encrytion is enabled. drivers/virtio/virtio.c | 7 ++----- include/linux/virtio_config.h | 22 ++++++++++++++-------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index 236081afe9a2..71115ba85d07 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -179,11 +179,8 @@ int virtio_finalize_features(struct virtio_device *dev) if (ret) { if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) { dev_warn(&dev->dev, - "device must provide VIRTIO_F_VERSION_1\n"); - return -ENODEV; - } - - if (!virtio_has_feature(dev, VIRTIO_F_ACCESS_PLATFORM)) { + "device does not provide VIRTIO_F_VERSION_1 while restricted memory access is enabled!.\n"); + } else if (!virtio_has_feature(dev, VIRTIO_F_ACCESS_PLATFORM)) { dev_warn(&dev->dev, "device must provide VIRTIO_F_ACCESS_PLATFORM\n"); return -ENODEV; diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h index 8519b3ae5d52..6eacb4d43318 100644 --- a/include/linux/virtio_config.h +++ b/include/linux/virtio_config.h @@ -170,6 +170,15 @@ static inline bool virtio_has_feature(const struct virtio_device *vdev, return __virtio_test_bit(vdev, fbit); } +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS +int arch_has_restricted_virtio_memory_access(void); +#else +static inline int arch_has_restricted_virtio_memory_access(void) +{ + return 0; +} +#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */ + /** * virtio_has_dma_quirk - determine whether this device has the DMA quirk * @vdev: the device @@ -180,6 +189,11 @@ static inline bool virtio_has_dma_quirk(const struct virtio_device *vdev) * Note the reverse polarity of the quirk feature (compared to most * other features), this is for compatibility with legacy systems. */ + if (!virtio_has_feature(vdev, VIRTIO_F_VERSION_1) && + arch_has_restricted_virtio_memory_access()) + return false; + + return !virtio_has_feature(vdev, VIRTIO_F_ACCESS_PLATFORM); } @@ -558,13 +572,5 @@ static inline void virtio_cwrite64(struct virtio_device *vdev, _r; \ }) -#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS -int arch_has_restricted_virtio_memory_access(void); -#else -static inline int arch_has_restricted_virtio_memory_access(void) -{ - return 0; -} -#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */ #endif /* _LINUX_VIRTIO_CONFIG_H */ -- 2.30.2