On 2020/6/10 下午9:11, Pierre Morel wrote:
Protected Virtualisation protects the memory of the guest and
do not allow a the host to access all of its memory.
Let's refuse a VIRTIO device which does not use IOMMU
protected access.
Signed-off-by: Pierre Morel <pmorel@xxxxxxxxxxxxx>
---
drivers/s390/virtio/virtio_ccw.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/s390/virtio/virtio_ccw.c b/drivers/s390/virtio/virtio_ccw.c
index 5730572b52cd..06ffbc96587a 100644
--- a/drivers/s390/virtio/virtio_ccw.c
+++ b/drivers/s390/virtio/virtio_ccw.c
@@ -986,6 +986,11 @@ static void virtio_ccw_set_status(struct virtio_device *vdev, u8 status)
if (!ccw)
return;
+ /* Protected Virtualisation guest needs IOMMU */
+ if (is_prot_virt_guest() &&
+ !__virtio_test_bit(vdev, VIRTIO_F_IOMMU_PLATFORM))
+ status &= ~VIRTIO_CONFIG_S_FEATURES_OK;
+
/* Write the status to the host. */
vcdev->dma_area->status = status;
ccw->cmd_code = CCW_CMD_WRITE_STATUS;
I wonder whether we need move it to virtio core instead of ccw.
I think the other memory protection technologies may suffer from this as
well.
Thanks
_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization