Re: [for-5.2 v4 10/10] s390: Recognize host-trust-limitation option
From: Halil Pasic
Subject: Re: [for-5.2 v4 10/10] s390: Recognize host-trust-limitation option
Date: Mon, 7 Sep 2020 17:22:53 +0200
On Fri, 24 Jul 2020 12:57:44 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> At least some s390 cpu models support "Protected Virtualization" (PV),
> a mechanism to protect guests from eavesdropping by a compromised
> hypervisor.
>
> This is similar in function to other mechanisms like AMD's SEV and
> POWER's PEF, which are controlled by the "host-trust-limitation"
> machine option. s390 is a slightly special case, because we already
> supported PV, simply by using a CPU model with the required feature
> (S390_FEAT_UNPACK).
>
> To integrate this with the option used by other platforms, we
> implement the following compromise:
>
> - When the host-trust-limitation option is set, s390 will recognize
> it, verify that the CPU can support PV (failing if not) and set
> virtio default options necessary for encrypted or protected guests,
> as on other platforms. i.e. if host-trust-limitation is set, we
> will either create a guest capable of entering PV mode, or fail
> outright
Shouldn't we also fail outright if the virtio features are not PV
compatible (invalid configuration)?
I would like to see something like the following as a part of this series.
----------------------------8<--------------------------
From: Halil Pasic <pasic@linux.ibm.com>
Date: Mon, 7 Sep 2020 15:00:17 +0200
Subject: [PATCH] virtio: handle host trust limitation
If host_trust_limitation_enabled() returns true, then emulated virtio
devices must offer VIRTIO_F_ACCESS_PLATFORM, because the device is not
capable of accessing all of the guest memory. Otherwise we are in
violation of the virtio specification.
Let's fail realize if we detect that VIRTIO_F_ACCESS_PLATFORM feature is
obligatory but missing.
Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
---
hw/virtio/virtio.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 5bd2a2f621..19b4b0a37a 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -27,6 +27,7 @@
#include "hw/virtio/virtio-access.h"
#include "sysemu/dma.h"
#include "sysemu/runstate.h"
+#include "exec/host-trust-limitation.h"
/*
* The alignment to use between consumer and producer parts of vring.
@@ -3618,6 +3619,12 @@ static void virtio_device_realize(DeviceState *dev,
Error **errp)
/* Devices should either use vmsd or the load/save methods */
assert(!vdc->vmsd || !vdc->load);
+ if (host_trust_limitation_enabled(MACHINE(qdev_get_machine()))
+ && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {
+ error_setg(&err, "devices without VIRTIO_F_ACCESS_PLATFORM are not
compatible with host trust imitation");
+ error_propagate(errp, err);
+ return;
+ }
if (vdc->realize != NULL) {
vdc->realize(dev, &err);
if (err != NULL) {
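Review bot: the feature tested in the new condition (VIRTIO_F_IOMMU_PLATFORM) does not match the feature named in the commit message and in the error string (VIRTIO_F_ACCESS_PLATFORM); use the same name in both places so the check and the message describe the same bit, and fix the typo "host trust imitation" in the error text, which should read "host trust limitation". The error handling can also be simplified: `error_setg(errp, ...); return;` achieves the same as setting `err` and then propagating it, which is what the rest of this function does for its own errors. Finally, the check runs before `vdc->realize(dev, &err)` is called a few lines below; if any device class only enables the feature from within its own realize hook, this check would reject a device that would have ended up compliant, so either confirm the bit is always set via the device property before this point or move the check after the `vdc->realize()` call.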
--
2.21.0