On Mon, 6 Jul 2020 15:37:37 +0200
Pierre Morel <pmorel@xxxxxxxxxxxxx> wrote:
> On 2020-07-02 15:03, Pierre Morel wrote:
> >
> >
> > On 2020-06-29 18:05, Cornelia Huck wrote:
> >> On Mon, 29 Jun 2020 11:57:14 -0400
> >> "Michael S. Tsirkin" <mst@xxxxxxxxxx> wrote:
> >>
> >>> On Wed, Jun 17, 2020 at 12:43:57PM +0200, Pierre Morel wrote:
> >>>> An architecture protecting the guest memory against unauthorized host
> >>>> access may want to enforce VIRTIO I/O device protection through the
> >>>> use of VIRTIO_F_IOMMU_PLATFORM.
> >>>>
> >>>> Let's give a chance to the architecture to accept or not devices
> >>>> without VIRTIO_F_IOMMU_PLATFORM.
> >>>>
> >>>> Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
> >>>> Acked-by: Jason Wang <jasowang@xxxxxxxxxx>
> >>>> Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
> >>>> ---
> >>>> arch/s390/mm/init.c | 6 ++++++
> >>>> drivers/virtio/virtio.c | 22 ++++++++++++++++++++++
> >>>> include/linux/virtio.h | 2 ++
> >>>> 3 files changed, 30 insertions(+)
> >>
> >>>> @@ -179,6 +194,13 @@ int virtio_finalize_features(struct
> >>>> virtio_device *dev)
> >>>> if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
> >>>> return 0;
> >>>> + if (arch_needs_virtio_iommu_platform(dev) &&
> >>>> + !virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
> >>>> + dev_warn(&dev->dev,
> >>>> + "virtio: device must provide VIRTIO_F_IOMMU_PLATFORM\n");
> >>>> + return -ENODEV;
> >>>> + }
> >>>> +
> >>>> virtio_add_status(dev, VIRTIO_CONFIG_S_FEATURES_OK);
> >>>> status = dev->config->get_status(dev);
> >>>> if (!(status & VIRTIO_CONFIG_S_FEATURES_OK)) {
> >>>
> >>> Well don't you need to check it *before* VIRTIO_F_VERSION_1, not after?
> >>
> >> But it's only available with VERSION_1 anyway, isn't it? So it probably
> >> also needs to fail when this feature is needed if VERSION_1 has not been
> >> negotiated, I think.
>
>
> would be something like:
>
> - if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
> - return 0;
> + if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
> + ret = arch_accept_virtio_features(dev);
> + if (ret)
> + dev_warn(&dev->dev,
> + "virtio: device must provide
> VIRTIO_F_VERSION_1\n");
> + return ret;
> + }
That looks wrong; I think we want to validate in all cases. What about:
ret = arch_accept_virtio_features(dev); // this can include checking for
// older or newer features
if (ret)
// assume that the arch callback moaned already
return ret;
if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
return 0;
// do the virtio-1 only FEATURES_OK dance
>
>
> just a thought on the function name:
> It becomes more general than just IOMMU_PLATFORM related.
>
> What do you think of:
>
> arch_accept_virtio_features()
Or maybe arch_validate_virtio_features()?
>
> ?
>
> Regards,
> Pierre
>
>
