On Mon, 29 Jun 2020 11:57:14 -0400 "Michael S. Tsirkin" <mst@xxxxxxxxxx> wrote: > On Wed, Jun 17, 2020 at 12:43:57PM +0200, Pierre Morel wrote: > > An architecture protecting the guest memory against unauthorized host > > access may want to enforce VIRTIO I/O device protection through the > > use of VIRTIO_F_IOMMU_PLATFORM. > > > > Let's give a chance to the architecture to accept or not devices > > without VIRTIO_F_IOMMU_PLATFORM. > > > > Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx> > > Acked-by: Jason Wang <jasowang@xxxxxxxxxx> > > Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx> > > --- > > arch/s390/mm/init.c | 6 ++++++ > > drivers/virtio/virtio.c | 22 ++++++++++++++++++++++ > > include/linux/virtio.h | 2 ++ > > 3 files changed, 30 insertions(+) > > @@ -179,6 +194,13 @@ int virtio_finalize_features(struct virtio_device *dev) > > if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) > > return 0; > > > > + if (arch_needs_virtio_iommu_platform(dev) && > > + !virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) { > > + dev_warn(&dev->dev, > > + "virtio: device must provide VIRTIO_F_IOMMU_PLATFORM\n"); > > + return -ENODEV; > > + } > > + > > virtio_add_status(dev, VIRTIO_CONFIG_S_FEATURES_OK); > > status = dev->config->get_status(dev); > > if (!(status & VIRTIO_CONFIG_S_FEATURES_OK)) { > > Well don't you need to check it *before* VIRTIO_F_VERSION_1, not after? But it's only available with VERSION_1 anyway, isn't it? So it probably also needs to fail when this feature is needed if VERSION_1 has not been negotiated, I think.