]>
Commit | Line | Data |
---|---|---|
4de9440f TL |
1 | From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
2 | From: Halil Pasic <pasic@linux.ibm.com> | |
3 | Date: Mon, 7 Feb 2022 12:28:57 +0100 | |
4 | Subject: [PATCH] virtio: fix the condition for iommu_platform not supported | |
5 | ||
6 | The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but | |
7 | unsupported") claims to fail the device hotplug when iommu_platform | |
8 | is requested, but not supported by the (vhost) device. On the first | |
9 | glance the condition for detecting that situation looks perfect, but | |
10 | because a certain peculiarity of virtio_platform it ain't. | |
11 | ||
12 | In fact the aforementioned commit introduces a regression. It breaks | |
13 | virtio-fs support for Secure Execution, and most likely also for AMD SEV | |
14 | or any other confidential guest scenario that relies encrypted guest | |
15 | memory. The same also applies to any other vhost device that does not | |
16 | support _F_ACCESS_PLATFORM. | |
17 | ||
18 | The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates | |
19 | "device can not access all of the guest RAM" and "iova != gpa, thus | |
20 | device needs to translate iova". | |
21 | ||
22 | Confidential guest technologies currently rely on the device/hypervisor | |
23 | offering _F_ACCESS_PLATFORM, so that, after the feature has been | |
24 | negotiated, the guest grants access to the portions of memory the | |
25 | device needs to see. So in for confidential guests, generally, | |
26 | _F_ACCESS_PLATFORM is about the restricted access to memory, but not | |
27 | about the addresses used being something else than guest physical | |
28 | addresses. | |
29 | ||
30 | This is the very reason for which commit f7ef7e6e3b ("vhost: correctly | |
31 | turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the | |
32 | vhost device that does not need it, because on the vhost interface it | |
33 | only means "I/O address translation is needed". | |
34 | ||
35 | This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on | |
36 | VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the | |
37 | situation when _F_ACCESS_PLATFORM is requested, but no I/O translation | |
38 | by the device, and thus no device capability is needed. In this | |
39 | situation claiming that the device does not support iommu_plattform=on | |
40 | is counter-productive. So let us stop doing that! | |
41 | ||
42 | Signed-off-by: Halil Pasic <pasic@linux.ibm.com> | |
43 | Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com> | |
44 | Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but | |
45 | unsupported") | |
46 | Acked-by: Cornelia Huck <cohuck@redhat.com> | |
47 | Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> | |
48 | Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com> | |
49 | Cc: Kevin Wolf <kwolf@redhat.com> | |
50 | Cc: qemu-stable@nongnu.org | |
51 | ||
52 | Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com> | |
53 | Reviewed-by: Michael S. Tsirkin <mst@redhat.com> | |
54 | Signed-off-by: Michael S. Tsirkin <mst@redhat.com> | |
55 | Acked-by: Jason Wang <jasowang@redhat.com> | |
56 | (cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645) | |
57 | Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> | |
58 | --- | |
59 | hw/virtio/virtio-bus.c | 12 +++++++----- | |
60 | 1 file changed, 7 insertions(+), 5 deletions(-) | |
61 | ||
62 | diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c | |
63 | index d23db98c56..0f69d1c742 100644 | |
64 | --- a/hw/virtio/virtio-bus.c | |
65 | +++ b/hw/virtio/virtio-bus.c | |
66 | @@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp) | |
67 | VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus); | |
68 | VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev); | |
69 | bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM); | |
70 | + bool vdev_has_iommu; | |
71 | Error *local_err = NULL; | |
72 | ||
73 | DPRINTF("%s: plug device.\n", qbus->name); | |
74 | @@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp) | |
75 | return; | |
76 | } | |
77 | ||
78 | - if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) { | |
79 | - error_setg(errp, "iommu_platform=true is not supported by the device"); | |
80 | - return; | |
81 | - } | |
82 | - | |
83 | if (klass->device_plugged != NULL) { | |
84 | klass->device_plugged(qbus->parent, &local_err); | |
85 | } | |
86 | @@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp) | |
87 | return; | |
88 | } | |
89 | ||
90 | + vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM); | |
91 | if (klass->get_dma_as != NULL && has_iommu) { | |
92 | virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM); | |
93 | vdev->dma_as = klass->get_dma_as(qbus->parent); | |
94 | + if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) { | |
95 | + error_setg(errp, | |
96 | + "iommu_platform=true is not supported by the device"); | |
97 | + return; | |
98 | + } | |
99 | } else { | |
100 | vdev->dma_as = &address_space_memory; | |
101 | } |