Xen project Mailing List

Re: CONFIG_XEN_VIRTIO{_FORCE_GRANT} interferes with nested virt

From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Date: Wed, 5 Oct 2022 15:25:48 +0200

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 05 Oct 2022 13:25:59 +0000

Feedback-id: i1568416f:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Oct 05, 2022 at 02:57:01PM +0200, Juergen Gross wrote: > On 05.10.22 14:41, Marek Marczykowski-Górecki wrote: > > Hi, > > > > When booting Xen with Linux dom0 nested under KVM, > > CONFIG_XEN_VIRTIO_FORCE_GRANT=y makes it unable to use virtio devices > > provided by L0 hypervisor (KVM with qemu). With PV dom0, grants are > > required for virtio even if just CONFIG_XEN_VIRTIO is enabled. > > > > This is probably uncommon corner case, but one that has bitten me in my > > CI setup... I think Xen should set smarter > > virtio_require_restricted_mem_acc(), that enforces it only for devices > > really provided by another Xen VM (not by the "outer host"), but I'm not > > sure how that could be done. Any ideas? > > > > It should be possible to add a boot parameter for that purpose. Using it > would open a security hole, though (basically like all PCI passthrough to > PV guests). What about excluding just dom0? At least currently, there is no way for dom0 to see virtio devices provided by another Xen domU. Something like this: ---8<--- diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 9b1a58dda935..6ac32b0b3720 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c @@ -111,7 +111,7 @@ static DEFINE_PER_CPU(struct tls_descs, shadow_tls_desc); static void __init xen_pv_init_platform(void) { /* PV guests can't operate virtio devices without grants. */ - if (IS_ENABLED(CONFIG_XEN_VIRTIO)) + if (IS_ENABLED(CONFIG_XEN_VIRTIO) && !xen_initial_domain()) virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc); populate_extra_pte(fix_to_virt(FIX_PARAVIRT_BOOTMAP)); ---8<--- This BTW raises also a question what will happen on Xen nested inside Xen, when L0 will provide virtio devices to L1. Grants set by L1 dom0 wouldn't work on L0, no? Or maybe this is solved already for pv-shim case? -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.