On Mon, 7 Sep 2020 11:39:07 +0200 Pierre Morel <pmorel@xxxxxxxxxxxxx> wrote: > If protected virtualization is active on s390, VIRTIO has only retricted > access to the guest memory. > Define CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS and export > arch_has_restricted_virtio_memory_access to advertize VIRTIO if that's > the case, preventing a host error on access attempt. The description is a little inaccurate, but I don't care hence the r-b. The function arch_has_restricted_virtio_memory_access() returning true can not prevent the host from attempting to access memory if it decides to do so. And as far as I know there was no host error on access attempt. The page gets exported, and the host will operate on the encrypted page. But in the end we do run into trouble, which is usually fatal for the guest (not the host). What we actually do here is the following. If we detect an ill configured device we fail it (device status field), because attempting to drive it is a recipe for disaster. > > Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx> > Reviewed-by: Cornelia Huck <cohuck@xxxxxxxxxx> Reviewed-by: Halil Pasic <pasic@xxxxxxxxxxxxx>