[pve-qemu.git] / debian / patches / extra / 0017-virtio-fix-the-condition-for-iommu_platform-not-supp.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Halil Pasic <pasic@linux.ibm.com>
Date: Mon, 7 Feb 2022 12:28:57 +0100
Subject: [PATCH] virtio: fix the condition for iommu_platform not supported

The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
unsupported") claims to fail the device hotplug when iommu_platform
is requested, but not supported by the (vhost) device. On the first
glance the condition for detecting that situation looks perfect, but
because a certain peculiarity of virtio_platform it ain't.

In fact the aforementioned commit introduces a regression. It breaks
virtio-fs support for Secure Execution, and most likely also for AMD SEV
or any other confidential guest scenario that relies encrypted guest
memory.  The same also applies to any other vhost device that does not
support _F_ACCESS_PLATFORM.

The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates
"device can not access all of the guest RAM" and "iova != gpa, thus
device needs to translate iova".

Confidential guest technologies currently rely on the device/hypervisor
offering _F_ACCESS_PLATFORM, so that, after the feature has been
negotiated, the guest  grants access to the portions of memory the
device needs to see. So in for confidential guests, generally,
_F_ACCESS_PLATFORM is about the restricted access to memory, but not
about the addresses used being something else than guest physical
addresses.

This is the very reason for which commit f7ef7e6e3b ("vhost: correctly
turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the
vhost device that does not need it, because on the vhost interface it
only means "I/O address translation is needed".

This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on
VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the
situation when _F_ACCESS_PLATFORM is requested, but no I/O translation
by the device, and thus no device capability is needed. In this
situation claiming that the device does not support iommu_plattform=on
is counter-productive. So let us stop doing that!

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>
Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
unsupported")
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>
Cc: qemu-stable@nongnu.org

Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 hw/virtio/virtio-bus.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
index d23db98c56..0f69d1c742 100644
--- a/hw/virtio/virtio-bus.c
+++ b/hw/virtio/virtio-bus.c
@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
     VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
     VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
     bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
+    bool vdev_has_iommu;
     Error *local_err = NULL;
 
     DPRINTF("%s: plug device.\n", qbus->name);
@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
         return;
     }
 
-    if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
-        error_setg(errp, "iommu_platform=true is not supported by the device");
-        return;
-    }
-
     if (klass->device_plugged != NULL) {
         klass->device_plugged(qbus->parent, &local_err);
     }
@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)
         return;
     }
 
+    vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
     if (klass->get_dma_as != NULL && has_iommu) {
         virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);
         vdev->dma_as = klass->get_dma_as(qbus->parent);
+        if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
+            error_setg(errp,
+                       "iommu_platform=true is not supported by the device");
+            return;
+        }
     } else {
         vdev->dma_as = &address_space_memory;
     }
Commit	Line	Data
4de9440f TL	1	From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
	2	From: Halil Pasic <pasic@linux.ibm.com>
	3	Date: Mon, 7 Feb 2022 12:28:57 +0100
	4	Subject: [PATCH] virtio: fix the condition for iommu_platform not supported
	5
	6	The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
	7	unsupported") claims to fail the device hotplug when iommu_platform
	8	is requested, but not supported by the (vhost) device. On the first
	9	glance the condition for detecting that situation looks perfect, but
	10	because a certain peculiarity of virtio_platform it ain't.
	11
	12	In fact the aforementioned commit introduces a regression. It breaks
	13	virtio-fs support for Secure Execution, and most likely also for AMD SEV
	14	or any other confidential guest scenario that relies encrypted guest
	15	memory. The same also applies to any other vhost device that does not
	16	support _F_ACCESS_PLATFORM.
	17
	18	The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates
	19	"device can not access all of the guest RAM" and "iova != gpa, thus
	20	device needs to translate iova".
	21
	22	Confidential guest technologies currently rely on the device/hypervisor
	23	offering _F_ACCESS_PLATFORM, so that, after the feature has been
	24	negotiated, the guest grants access to the portions of memory the
	25	device needs to see. So in for confidential guests, generally,
	26	_F_ACCESS_PLATFORM is about the restricted access to memory, but not
	27	about the addresses used being something else than guest physical
	28	addresses.
	29
	30	This is the very reason for which commit f7ef7e6e3b ("vhost: correctly
	31	turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the
	32	vhost device that does not need it, because on the vhost interface it
	33	only means "I/O address translation is needed".
	34
	35	This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on
	36	VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the
	37	situation when _F_ACCESS_PLATFORM is requested, but no I/O translation
	38	by the device, and thus no device capability is needed. In this
	39	situation claiming that the device does not support iommu_plattform=on
	40	is counter-productive. So let us stop doing that!
	41
	42	Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
	43	Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>
	44	Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but
	45	unsupported")
	46	Acked-by: Cornelia Huck <cohuck@redhat.com>
	47	Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
	48	Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
	49	Cc: Kevin Wolf <kwolf@redhat.com>
	50	Cc: qemu-stable@nongnu.org
	51
	52	Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>
	53	Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
	54	Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
	55	Acked-by: Jason Wang <jasowang@redhat.com>
	56	(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)
	57	Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
	58	---
	59	hw/virtio/virtio-bus.c \| 12 +++++++-----
	60	1 file changed, 7 insertions(+), 5 deletions(-)
	61
	62	diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c
	63	index d23db98c56..0f69d1c742 100644
	64	--- a/hw/virtio/virtio-bus.c
65	+++ b/hw/virtio/virtio-bus.c
66	@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice vdev, Error *errp)
67	VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);
68	VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
69	bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
70	+ bool vdev_has_iommu;
71	Error *local_err = NULL;
72
73	DPRINTF("%s: plug device.\n", qbus->name);
74	@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice vdev, Error *errp)
75	return;
76	}
77
78	- if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
79	- error_setg(errp, "iommu_platform=true is not supported by the device");
80	- return;
81	- }
82	-
83	if (klass->device_plugged != NULL) {
84	klass->device_plugged(qbus->parent, &local_err);
85	}
86	@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice vdev, Error *errp)
87	return;
88	}
89
90	+ vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);
91	if (klass->get_dma_as != NULL && has_iommu) {
92	virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);
93	vdev->dma_as = klass->get_dma_as(qbus->parent);
94	+ if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {
95	+ error_setg(errp,
96	+ "iommu_platform=true is not supported by the device");
97	+ return;
98	+ }
99	} else {
100	vdev->dma_as = &address_space_memory;
101	}