From c731ffdf9faee74e9522dff06e61cda817902088 Mon Sep 17 00:00:00 2001

From: Halil Pasic <pasic@linux.ibm.com>

Date: Mon, 7 Feb 2022 12:28:57 +0100

Subject: [PATCH 1/2] virtio: fix the condition for iommu_platform not

 supported

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>

RH-MergeRequest: 224: virtiofs on s390 secure execution

RH-Bugzilla: 2116302

RH-Acked-by: Thomas Huth <thuth@redhat.com>

RH-Acked-by: Cornelia Huck <cohuck@redhat.com>

RH-Acked-by: Cédric Le Goater <None>

RH-Commit: [1/2] d7edc7e3905a04644c9ff44b0d36122c72068e08

The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but

unsupported") claims to fail the device hotplug when iommu_platform

is requested, but not supported by the (vhost) device. On the first

glance the condition for detecting that situation looks perfect, but

because a certain peculiarity of virtio_platform it ain't.

In fact the aforementioned commit introduces a regression. It breaks

virtio-fs support for Secure Execution, and most likely also for AMD SEV

or any other confidential guest scenario that relies encrypted guest

memory.  The same also applies to any other vhost device that does not

support _F_ACCESS_PLATFORM.

The peculiarity is that iommu_platform and _F_ACCESS_PLATFORM collates

"device can not access all of the guest RAM" and "iova != gpa, thus

device needs to translate iova".

Confidential guest technologies currently rely on the device/hypervisor

offering _F_ACCESS_PLATFORM, so that, after the feature has been

negotiated, the guest  grants access to the portions of memory the

device needs to see. So in for confidential guests, generally,

_F_ACCESS_PLATFORM is about the restricted access to memory, but not

about the addresses used being something else than guest physical

addresses.

This is the very reason for which commit f7ef7e6e3b ("vhost: correctly

turn on VIRTIO_F_IOMMU_PLATFORM") fences _F_ACCESS_PLATFORM from the

vhost device that does not need it, because on the vhost interface it

only means "I/O address translation is needed".

This patch takes inspiration from f7ef7e6e3b ("vhost: correctly turn on

VIRTIO_F_IOMMU_PLATFORM"), and uses the same condition for detecting the

situation when _F_ACCESS_PLATFORM is requested, but no I/O translation

by the device, and thus no device capability is needed. In this

situation claiming that the device does not support iommu_plattform=on

is counter-productive. So let us stop doing that!

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>

Reported-by: Jakob Naucke <Jakob.Naucke@ibm.com>

Fixes: 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but

unsupported")

Acked-by: Cornelia Huck <cohuck@redhat.com>

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>

Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>

Cc: Kevin Wolf <kwolf@redhat.com>

Cc: qemu-stable@nongnu.org

Message-Id: <20220207112857.607829-1-pasic@linux.ibm.com>

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Acked-by: Jason Wang <jasowang@redhat.com>

(cherry picked from commit e65902a913bf31ba79a83a3bd3621108b85cf645)

---

 hw/virtio/virtio-bus.c | 12 +++++++-----

 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c

index d23db98c56..0f69d1c742 100644

--- a/hw/virtio/virtio-bus.c

+++ b/hw/virtio/virtio-bus.c

@@ -48,6 +48,7 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)

     VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);

     VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);

     bool has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);

+    bool vdev_has_iommu;

     Error *local_err = NULL;

     DPRINTF("%s: plug device.\n", qbus->name);

@@ -69,11 +70,6 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)

         return;

     }

-    if (has_iommu && !virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM)) {

-        error_setg(errp, "iommu_platform=true is not supported by the device");

-        return;

-    }

-

     if (klass->device_plugged != NULL) {

         klass->device_plugged(qbus->parent, &local_err);

     }

@@ -82,9 +78,15 @@ void virtio_bus_device_plugged(VirtIODevice *vdev, Error **errp)

         return;

     }

+    vdev_has_iommu = virtio_host_has_feature(vdev, VIRTIO_F_IOMMU_PLATFORM);

     if (klass->get_dma_as != NULL && has_iommu) {

         virtio_add_feature(&vdev->host_features, VIRTIO_F_IOMMU_PLATFORM);

         vdev->dma_as = klass->get_dma_as(qbus->parent);

+        if (!vdev_has_iommu && vdev->dma_as != &address_space_memory) {

+            error_setg(errp,

+                       "iommu_platform=true is not supported by the device");

+            return;

+        }

     } else {

         vdev->dma_as = &address_space_memory;

     }

-- 

2.37.3