
Re: [PATCH V1 3/6] xen/virtio: Add option to restrict memory access under Xen


  • To: Oleksandr <olekstysh@xxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>
  • From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
  • Date: Sun, 24 Apr 2022 14:08:36 -0400
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, x86@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, Juergen Gross <jgross@xxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>
  • Delivery-date: Sun, 24 Apr 2022 18:11:08 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 4/24/22 12:53 PM, Oleksandr wrote:

On 23.04.22 19:40, Christoph Hellwig wrote:





+
+#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS
+int arch_has_restricted_virtio_memory_access(void)
+{
+    return (xen_has_restricted_virtio_memory_access() ||
+            cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT));
+}
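
Review bot: arch_has_restricted_virtio_memory_access() is declared as returning int, yet its only return statement yields the result of a logical ||, so it is a yes/no predicate and bool would express that; the outer parentheses around the return expression can also be dropped. A short comment above the function saying when the restriction applies (xen_has_restricted_virtio_memory_access() is true, or CC_ATTR_GUEST_MEM_ENCRYPT is set) would help readers. The #ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS opened at the top has no #endif in the quoted lines, so confirm it is closed in the full patch.
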
So instead of hardcoding Xen here, this seems like a candidate for
another cc_platform_has flag.


I have a limited knowledge of x86 and Xen on x86.

Would the Xen specific bits fit into Confidential Computing Platform checks? I 
will let Juergen/Boris comment on this.


This is unrelated to confidential so I don't think we can add another CC_ flag.


Would arch/x86/kernel/cpu/hypervisor.c be a better home for this?


-boris




 

