From: Atish Patra
To: linux-kernel@vger.kernel.org
Cc: Rajnesh Kanwal, Alexandre Ghiti, Andrew Jones, Andrew Morton,
    Anup Patel, Atish Patra, Björn Töpel, Suzuki K Poulose, Will Deacon,
    Marc Zyngier, Sean Christopherson, linux-coco@lists.linux.dev,
    Dylan Reid, abrestic@rivosinc.com, Samuel Ortiz, Christoph Hellwig,
    Conor Dooley, Greg Kroah-Hartman, Guo Ren, Heiko Stuebner, Jiri Slaby,
    kvm-riscv@lists.infradead.org, kvm@vger.kernel.org, linux-mm@kvack.org,
    linux-riscv@lists.infradead.org, Mayuresh Chitale, Palmer Dabbelt,
    Paolo Bonzini, Paul Walmsley, Uladzislau Rezki
Subject: [RFC 46/48] riscv/virtio: Have CoVE guests enforce restricted virtio memory access.
Date: Wed, 19 Apr 2023 15:17:14 -0700
Message-Id: <20230419221716.3603068-47-atishp@rivosinc.com>
In-Reply-To: <20230419221716.3603068-1-atishp@rivosinc.com>
References: <20230419221716.3603068-1-atishp@rivosinc.com>

From: Rajnesh Kanwal

CoVE guest requires that virtio devices use the DMA API to allow the
hypervisor to successfully access guest memory as needed.

The VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM features tell virtio
to use the DMA API. Force to check for these features to fail the device
probe if these features have not been set when running as a TEE guest.

Signed-off-by: Rajnesh Kanwal
---
 arch/riscv/mm/mem_encrypt.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/riscv/mm/mem_encrypt.c b/arch/riscv/mm/mem_encrypt.c index 8207a5c..8523c50 100644 --- a/arch/riscv/mm/mem_encrypt.c +++ b/arch/riscv/mm/mem_encrypt.c @@ -10,6 +10,7 @@ #include #include #include +#include #include /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ @@ -54,4 +55,7 @@ void __init mem_encrypt_init(void) /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ swiotlb_update_mem_attributes(); + + /* Set restricted memory access for virtio. */ + virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc); } -- 2.25.1
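
Review bot: the virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc) call added at the end of mem_encrypt_init() is unconditional in the lines shown, while the commit message limits the enforcement to running as a TEE guest. If an earlier return in mem_encrypt_init(), outside this hunk's context, already covers the non-TEE case, say so in the commit message; otherwise guard the call so that a non-confidential guest does not fail virtio device probe for devices that lack VIRTIO_F_VERSION_1 and VIRTIO_F_ACCESS_PLATFORM. The new comment "Set restricted memory access for virtio." could also name those two features, since they are what a failed probe will hinge on.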