From nobody Tue May 13 07:23:48 2025 Delivered-To: importer2@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer2=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1646693506017619.7588197272388; Mon, 7 Mar 2022 14:51:46 -0800 (PST) Received: from localhost ([::1]:37670 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nRMCe-0001tr-RQ for importer2@patchew.org; Mon, 07 Mar 2022 17:51:44 -0500 Received: from eggs.gnu.org ([209.51.188.92]:52626) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nRM6K-00065r-Ro for qemu-devel@nongnu.org; Mon, 07 Mar 2022 17:45:13 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:53079) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nRM6J-0005OX-21 for qemu-devel@nongnu.org; Mon, 07 Mar 2022 17:45:12 -0500 Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-114-gUiQ5TKJPfqHCDoOzekFXg-1; Mon, 07 Mar 2022 17:45:09 -0500 Received: by mail-wr1-f72.google.com with SMTP id f14-20020adfc98e000000b001e8593b40b0so4952676wrh.14 for ; Mon, 07 Mar 2022 14:45:08 -0800 (PST) Received: from redhat.com ([2.55.138.228]) by smtp.gmail.com with ESMTPSA id f13-20020adff8cd000000b001f03439743fsm12359207wrq.75.2022.03.07.14.45.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Mar 2022 14:45:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646693110; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TX6EjlT2hSkO078tNRAKGmtPlKuyy6GjReGhr8QOnJA=; b=dmNra4NOtrq5pJZDU0+5FulxZR4GMWqnL/31Tp7ItpMKdUhIRCBQkqBAklSPrpEur9+Sfz 1scagH+ZP0E2vCksFtJq5QUGZPc26a0u3/mp2qAW5bPHjKdljIRWEE19E/DRBZ1X9L7g+a RxT1sRMoO3U3uiccrBEPXWl4hFaIODU= X-MC-Unique: gUiQ5TKJPfqHCDoOzekFXg-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=TX6EjlT2hSkO078tNRAKGmtPlKuyy6GjReGhr8QOnJA=; b=AhZMnAOR5us/VwVz+1BV6FHSsuHt/2z4cr9ENbATMe4+ViJmDt7Tiv+pn3mk1VF9R4 D0K0iefdsPMDyt5JDIen12m7vOkeWqVY/czJD/m+5p7EebXKiwza05f9BotcOdid9Qm9 BqFgrjpGdKp0iN/zrLFu78ohZlfB8EFCHhxvbOAcACxA4Q2WTHUM0dZlz9KbJY1QrU0c 9HjvRD8OcbQVhG5IKHG+CR09QBjrTQKf0ZN1ADMDGQETzOxEGmsO85iSxcykvkXq1AH3 HcLxM6nyyfyV/6eIcsmTlAKt0YCBmz/cX1qsbsyinimzENL9URm2F15Aq4xs75SrhjJA ZQWA== X-Gm-Message-State: AOAM533SfeHKp7uqJlxxzKWCAZOeJZQrIKjZqTwrUzbxGMEUJfX3Th1v RYqXqob8K121zveg/es6SdZLzW8kLu3PL21liMqBXiTqixGTV1BzHDT+8NvviKi2KAo+VKfwh8U fpdO5gUHK+BMN6M4o1VPHUWnTO3n5H0myRSfy1K7XVzw4M5IM2lf7aXpFJAyI X-Received: by 2002:a1c:6a08:0:b0:388:73a2:1548 with SMTP id f8-20020a1c6a08000000b0038873a21548mr949288wmc.163.1646693107515; Mon, 07 Mar 2022 14:45:07 -0800 (PST) X-Google-Smtp-Source: ABdhPJy0uDADHhQppZXFTt7jzomXpiia16xpO73+dka978+o11fP7duhSgjDZTsvE01fmXzu2cLyDQ== X-Received: by 2002:a1c:6a08:0:b0:388:73a2:1548 with SMTP id f8-20020a1c6a08000000b0038873a21548mr949258wmc.163.1646693107199; Mon, 07 Mar 2022 14:45:07 -0800 (PST) Date: Mon, 7 Mar 2022 17:45:04 -0500 From: "Michael S. Tsirkin" To: qemu-devel@nongnu.org Subject: [PULL v4 11/47] virtio: fix the condition for iommu_platform not supported Message-ID: <20220307224357.682101-12-mst@redhat.com> References: <20220307224357.682101-1-mst@redhat.com> MIME-Version: 1.0 In-Reply-To: <20220307224357.682101-1-mst@redhat.com> X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1 X-Mutt-Fcc: =sent Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mst@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Disposition: inline Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer2=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=mst@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -21 X-Spam_score: -2.2 X-Spam_bar: -- X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Daniel Henrique Barboza , Jason Wang , Cornelia Huck , qemu-stable@nongnu.org, Halil Pasic , Jakob Naucke Errors-To: qemu-devel-bounces+importer2=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1646693506293100002 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Halil Pasic The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but unsupported") claims to fail the device hotplug when iommu_platform is requested, but not supported by the (vhost) device. On the first glance the condition for detecting that situation looks perfect, but because a certain peculiarity of virtio_platform it ain't. In fact the aforementioned commit introduces a regression. It breaks virtio-fs support for Secure Execution, and most likely also for AMD SEV or any other confidential guest scenario that relies encrypted guest memory. The same also applies to any other vhost device that does not support _F_ACCESS_PLATFORM. The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates "device can not access all of the guest RAM" and "iova !=3D gpa, thus device needs to translate iova". Confidential guest technologies currently rely on the device/hypervisor offering _F_ACCESS_PLATFORM, so that, after the feature has been negotiated, the guest grants access to the portions of memory the device needs to see. So in for confidential guests, generally, _F_ACCESS_PLATFORM is about the restricted access to memory, but not about the addresses used being something else than guest physical addresses. This is the very reason for which commit f7ef7e6e3b ("vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the vhost device that does not need it, because on the vhost interface it only means "I/O address translation is needed". This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the situation when _F_ACCESS_PLATFORM is requested, but no I/O translation by the device, and thus no device capability is needed. In this situation claiming that the device does not support iommu_plattform=3Don is counter-productive. So let us stop doing that! Signed-off-by: Halil Pasic Reported-by: Jakob Naucke Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but unsupported") Acked-by: Cornelia Huck Reviewed-by: Daniel Henrique Barboza Tested-by: Daniel Henrique Barboza Cc: Kevin Wolf Cc: qemu-stable@nongnu.org Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang --- hw/virtio/virtio-bus.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c index d23db98c56..0f69d1c742 100644 --- a/hw/virtio/virtio-bus.c +++ b/hw/virtio/virtio-bus.c @@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error = **errp) VirtioBusClass *klass =3D VIRTIO_BUS_GET_CLASS(bus); VirtioDeviceClass *vdc =3D VIRTIO_DEVICE_GET_CLASS(vdev); bool has_iommu =3D virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFO= RM); + bool vdev_has_iommu; Error *local_err =3D NULL; =20 DPRINTF("%s: plug device.\n", qbus->name); @@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error= **errp) return; } =20 - if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFOR= M)) { - error_setg(errp, "iommu_platform=3Dtrue is not supported by the de= vice"); - return; - } - if (klass->device_plugged !=3D NULL) { klass->device_plugged(qbus->parent, &local_err); } @@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error= **errp) return; } =20 + vdev_has_iommu =3D virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFO= RM); if (klass->get_dma_as !=3D NULL && has_iommu) { virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM); vdev->dma_as =3D klass->get_dma_as(qbus->parent); + if (!vdev_has_iommu && vdev->dma_as !=3D &address_space_memory) { + error_setg(errp, + "iommu_platform=3Dtrue is not supported by the devi= ce"); + return; + } } else { vdev->dma_as =3D &address_space_memory; } --=20 MST