Commit 251e90e7 authored by Juergen Gross's avatar Juergen Gross
Browse files

xen: don't require virtio with grants for non-PV guests 



Commit fa1f5742 ("xen/virtio: Enable restricted memory access using
Xen grant mappings") introduced a new requirement for using virtio
devices: the backend now needs to support the VIRTIO_F_ACCESS_PLATFORM
feature.

This is an undue requirement for non-PV guests, as those can be operated
with existing backends without any problem, as long as those backends
are running in dom0.

Per default allow virtio devices without grant support for non-PV
guests.

On Arm require VIRTIO_F_ACCESS_PLATFORM for devices having been listed
in the device tree to use grants.

Add a new config item to always force use of grants for virtio.

Fixes: fa1f5742 ("xen/virtio: Enable restricted memory access using Xen grant mappings")
Reported-by: default avatarViresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
Reviewed-by: default avatarOleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Tested-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com> # Arm64 guest using Xen
Reviewed-by: default avatarStefano Stabellini <sstabellini@kernel.org>
Link: https://lore.kernel.org/r/20220622063838.8854-4-jgross@suse.com


Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
parent a870544c

arch/arm/xen/enlighten.c

+3 −1
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ 
#include <linux/timekeeping.h>

#include <linux/timekeeper_internal.h>

#include <linux/acpi.h>

#include <linux/virtio_anchor.h>



#include <linux/mm.h>
@@ -443,7 +444,8 @@ static int __init xen_guest_init(void) 
	if (!xen_domain())

		return 0;



	xen_set_restricted_virtio_memory_access();

	if (IS_ENABLED(CONFIG_XEN_VIRTIO))

		virtio_set_mem_acc_cb(xen_virtio_mem_acc);



	if (!acpi_disabled)

		xen_acpi_guest_init();

arch/x86/xen/enlighten_hvm.c

+3 −1
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 
#include <linux/cpu.h>

#include <linux/kexec.h>

#include <linux/memblock.h>

#include <linux/virtio_anchor.h>



#include <xen/features.h>

#include <xen/events.h>
@@ -195,7 +196,8 @@ static void __init xen_hvm_guest_init(void) 
	if (xen_pv_domain())

		return;



	xen_set_restricted_virtio_memory_access();

	if (IS_ENABLED(CONFIG_XEN_VIRTIO_FORCE_GRANT))

		virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc);



	init_hvm_pv_info();

arch/x86/xen/enlighten_pv.c

+4 −1
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ 
#include <linux/gfp.h>

#include <linux/edd.h>

#include <linux/reboot.h>

#include <linux/virtio_anchor.h>



#include <xen/xen.h>

#include <xen/events.h>
@@ -109,7 +110,9 @@ static DEFINE_PER_CPU(struct tls_descs, shadow_tls_desc); 


static void __init xen_pv_init_platform(void)

{

	xen_set_restricted_virtio_memory_access();

	/* PV guests can't operate virtio devices without grants. */

	if (IS_ENABLED(CONFIG_XEN_VIRTIO))

		virtio_set_mem_acc_cb(virtio_require_restricted_mem_acc);



	populate_extra_pte(fix_to_virt(FIX_PARAVIRT_BOOTMAP));

drivers/xen/Kconfig

+9 −0
Original line number Diff line number Diff line
@@ -355,4 +355,13 @@ config XEN_VIRTIO 


	  If in doubt, say n.



config XEN_VIRTIO_FORCE_GRANT

	bool "Require Xen virtio support to use grants"

	depends on XEN_VIRTIO

	help

	  Require virtio for Xen guests to use grant mappings.

	  This will avoid the need to give the backend the right to map all

	  of the guest memory. This will need support on the backend side

	  (e.g. qemu or kernel, depending on the virtio device types used).



endmenu

drivers/xen/grant-dma-ops.c

+10 −0
Original line number Diff line number Diff line
@@ -12,6 +12,8 @@ 
#include <linux/of.h>

#include <linux/pfn.h>

#include <linux/xarray.h>

#include <linux/virtio_anchor.h>

#include <linux/virtio.h>

#include <xen/xen.h>

#include <xen/xen-ops.h>

#include <xen/grant_table.h>
@@ -287,6 +289,14 @@ bool xen_is_grant_dma_device(struct device *dev) 
	return has_iommu;

}



bool xen_virtio_mem_acc(struct virtio_device *dev)

{

	if (IS_ENABLED(CONFIG_XEN_VIRTIO_FORCE_GRANT))

		return true;



	return xen_is_grant_dma_device(dev->dev.parent);

}



void xen_grant_setup_dma_ops(struct device *dev)

{

	struct xen_grant_dma_data *data;