[PATCH v9 1/2] virtio: let arch advertise guest's memory access restrictions

Pierre Morel Wed, 19 Aug 2020 09:24:20 -0700

An architecture may restrict host access to guest memory.

Provide a new Kconfig entry the architecture can select,
CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS, when it provides
the arch_has_restricted_virtio_memory_access callback to advertise
VIRTIO common code when the architecture restricts memory access
from the host.


Signed-off-by: Pierre Morel <pmo...@linux.ibm.com>
---
 drivers/virtio/Kconfig        |  6 ++++++
 drivers/virtio/virtio.c       | 15 +++++++++++++++
 include/linux/virtio_config.h |  9 +++++++++
 3 files changed, 30 insertions(+)

diff --git a/drivers/virtio/Kconfig b/drivers/virtio/Kconfig
index 5809e5f5b157..509f3b4d8ba1 100644
--- a/drivers/virtio/Kconfig
+++ b/drivers/virtio/Kconfig
@@ -6,6 +6,12 @@ config VIRTIO
          bus, such as CONFIG_VIRTIO_PCI, CONFIG_VIRTIO_MMIO, CONFIG_RPMSG
          or CONFIG_S390_GUEST.
 
+config ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
+       bool
+       help
+         This option is selected by any architecture enforcing
+         VIRTIO_F_IOMMU_PLATFORM
+
 menuconfig VIRTIO_MENU
        bool "Virtio drivers"
        default y
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index a977e32a88f2..57ca41d77b09 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -176,6 +176,21 @@ int virtio_finalize_features(struct virtio_device *dev)
        if (ret)
                return ret;
 
+       ret = arch_has_restricted_virtio_memory_access();
+       if (ret) {
+               if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1)) {
+                       dev_warn(&dev->dev,
+                                "device must provide VIRTIO_F_VERSION_1\n");
+                       return -ENODEV;
+               }
+
+               if (!virtio_has_feature(dev, VIRTIO_F_IOMMU_PLATFORM)) {
+                       dev_warn(&dev->dev,
+                                "device must provide 
VIRTIO_F_IOMMU_PLATFORM\n");
+                       return -ENODEV;
+               }
+       }
+
        if (!virtio_has_feature(dev, VIRTIO_F_VERSION_1))
                return 0;
 
diff --git a/include/linux/virtio_config.h b/include/linux/virtio_config.h
index bb4cc4910750..e380664642b4 100644
--- a/include/linux/virtio_config.h
+++ b/include/linux/virtio_config.h
@@ -459,4 +459,13 @@ static inline void virtio_cwrite64(struct virtio_device 
*vdev,
                _r;                                                     \
        })
 
+#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
+int arch_has_restricted_virtio_memory_access(void);
+#else
+static inline int arch_has_restricted_virtio_memory_access(void)
+{
+       return 0;
+}
+#endif /* CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS */
+
 #endif /* _LINUX_VIRTIO_CONFIG_H */
-- 
2.25.1

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

[PATCH v9 1/2] virtio: let arch advertise guest's memory access restrictions

Reply via email to