* [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag [not found] ` <1413205748-6300-1-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> @ 2014-10-13 13:09 ` Antonios Motakis [not found] ` <1413205748-6300-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> 2014-10-20 21:37 ` Andy Lutomirski 0 siblings, 2 replies; 5+ messages in thread From: Antonios Motakis @ 2014-10-13 13:09 UTC (permalink / raw) To: kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA, alex.williamson-H+wXaHxf7aLQT0dZR+AlfA Cc: open list:VFIO DRIVER, eric.auger-QSEj5FYQhm4dnm+yROfE0A, marc.zyngier-5wv7dgnIgG8, open list:ABI/API, will.deacon-5wv7dgnIgG8, open list, Antonios Motakis, tech-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J, christoffer.dall-QSEj5FYQhm4dnm+yROfE0A We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. This way the user can control whether the XN flag will be set on the requested mappings. The IOMMU_NOEXEC flag needs to be available for all the IOMMUs of the container used. Signed-off-by: Antonios Motakis <a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> --- include/uapi/linux/vfio.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 6612974..111b5e8 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h @@ -29,6 +29,7 @@ * capability is subject to change as groups are added or removed. */ #define VFIO_DMA_CC_IOMMU 4 +#define VFIO_DMA_NOEXEC_IOMMU 5 /* Check if EEH is supported */ #define VFIO_EEH 5 @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map { __u32 flags; #define VFIO_DMA_MAP_FLAG_READ (1 << 0) /* readable from device */ #define VFIO_DMA_MAP_FLAG_WRITE (1 << 1) /* writable from device */ +#define VFIO_DMA_MAP_FLAG_NOEXEC (1 << 2) /* not executable from device */ __u64 vaddr; /* Process virtual address */ __u64 iova; /* IO virtual address */ __u64 size; /* Size of mapping (bytes) */ -- 2.1.1 ^ permalink raw reply related [flat|nested] 5+ messages in thread
[parent not found: <1413205748-6300-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>]
* Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag [not found] ` <1413205748-6300-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> @ 2014-10-20 21:29 ` Alex Williamson 2014-10-21 12:17 ` Antonios Motakis 0 siblings, 1 reply; 5+ messages in thread From: Alex Williamson @ 2014-10-20 21:29 UTC (permalink / raw) To: Antonios Motakis Cc: open list:VFIO DRIVER, eric.auger-QSEj5FYQhm4dnm+yROfE0A, marc.zyngier-5wv7dgnIgG8, open list:ABI/API, will.deacon-5wv7dgnIgG8, open list, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA, tech-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J, kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg, christoffer.dall-QSEj5FYQhm4dnm+yROfE0A On Mon, 2014-10-13 at 15:09 +0200, Antonios Motakis wrote: > We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, > and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. > This way the user can control whether the XN flag will be set on the > requested mappings. The IOMMU_NOEXEC flag needs to be available for all > the IOMMUs of the container used. > > Signed-off-by: Antonios Motakis <a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> > --- > include/uapi/linux/vfio.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h > index 6612974..111b5e8 100644 > --- a/include/uapi/linux/vfio.h > +++ b/include/uapi/linux/vfio.h > @@ -29,6 +29,7 @@ > * capability is subject to change as groups are added or removed. > */ > #define VFIO_DMA_CC_IOMMU 4 > +#define VFIO_DMA_NOEXEC_IOMMU 5 > > /* Check if EEH is supported */ > #define VFIO_EEH 5 ^^ 5 is still already used. Feel free to convert to enum so we stop making this mistake. > @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map { > __u32 flags; > #define VFIO_DMA_MAP_FLAG_READ (1 << 0) /* readable from device */ > #define VFIO_DMA_MAP_FLAG_WRITE (1 << 1) /* writable from device */ > +#define VFIO_DMA_MAP_FLAG_NOEXEC (1 << 2) /* not executable from device */ > __u64 vaddr; /* Process virtual address */ > __u64 iova; /* IO virtual address */ > __u64 size; /* Size of mapping (bytes) */ ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag 2014-10-20 21:29 ` Alex Williamson @ 2014-10-21 12:17 ` Antonios Motakis 0 siblings, 0 replies; 5+ messages in thread From: Antonios Motakis @ 2014-10-21 12:17 UTC (permalink / raw) To: Alex Williamson Cc: kvm-arm, Linux IOMMU, Will Deacon, VirtualOpenSystems Technical Team, Christoffer Dall, Eric Auger, Kim Phillips, Marc Zyngier, open list:VFIO DRIVER, open list:ABI/API, open list On Mon, Oct 20, 2014 at 11:29 PM, Alex Williamson <alex.williamson@redhat.com> wrote: > On Mon, 2014-10-13 at 15:09 +0200, Antonios Motakis wrote: >> We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, >> and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. >> This way the user can control whether the XN flag will be set on the >> requested mappings. The IOMMU_NOEXEC flag needs to be available for all >> the IOMMUs of the container used. >> >> Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> >> --- >> include/uapi/linux/vfio.h | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h >> index 6612974..111b5e8 100644 >> --- a/include/uapi/linux/vfio.h >> +++ b/include/uapi/linux/vfio.h >> @@ -29,6 +29,7 @@ >> * capability is subject to change as groups are added or removed. >> */ >> #define VFIO_DMA_CC_IOMMU 4 >> +#define VFIO_DMA_NOEXEC_IOMMU 5 >> >> /* Check if EEH is supported */ >> #define VFIO_EEH 5 > ^^ > 5 is still already used. Feel free to convert to enum so we stop making > this mistake. Oops :) will do. > >> @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map { >> __u32 flags; >> #define VFIO_DMA_MAP_FLAG_READ (1 << 0) /* readable from device */ >> #define VFIO_DMA_MAP_FLAG_WRITE (1 << 1) /* writable from device */ >> +#define VFIO_DMA_MAP_FLAG_NOEXEC (1 << 2) /* not executable from device */ >> __u64 vaddr; /* Process virtual address */ >> __u64 iova; /* IO virtual address */ >> __u64 size; /* Size of mapping (bytes) */ > > > -- Antonios Motakis Virtual Open Systems ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag 2014-10-13 13:09 ` [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag Antonios Motakis [not found] ` <1413205748-6300-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> @ 2014-10-20 21:37 ` Andy Lutomirski [not found] ` <CALCETrWzxjpKrou6J63_T75x=ZEGWCGbc4KEWT_AMvzSQNn1eg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 1 sibling, 1 reply; 5+ messages in thread From: Andy Lutomirski @ 2014-10-20 21:37 UTC (permalink / raw) To: Antonios Motakis Cc: kvmarm, iommu, Alex Williamson, Will Deacon, tech, christoffer.dall, eric.auger, kim.phillips, marc.zyngier, open list:VFIO DRIVER, open list:ABI/API, open list On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis <a.motakis@virtualopensystems.com> wrote: > We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, > and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. > This way the user can control whether the XN flag will be set on the > requested mappings. The IOMMU_NOEXEC flag needs to be available for all > the IOMMUs of the container used. Since you sent this to the linux-api list, I'll bite: what's the XN flag? I know what PROT_EXEC does when you mmap something, and I presume that vfio is mmappable, but I don't actually have any clue what this patch does. I assume that this does not have anything to do with a non-CPU DMA master executing code in main memory, because that makes rather little sense. (Or maybe it really does, in which case: weird.) --Andy ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <CALCETrWzxjpKrou6J63_T75x=ZEGWCGbc4KEWT_AMvzSQNn1eg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>]
* Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag [not found] ` <CALCETrWzxjpKrou6J63_T75x=ZEGWCGbc4KEWT_AMvzSQNn1eg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2014-10-21 12:23 ` Antonios Motakis 0 siblings, 0 replies; 5+ messages in thread From: Antonios Motakis @ 2014-10-21 12:23 UTC (permalink / raw) To: Andy Lutomirski Cc: open list:VFIO DRIVER, Eric Auger, Marc Zyngier, open list:ABI/API, Will Deacon, open list, Linux IOMMU, VirtualOpenSystems Technical Team, kvm-arm, Christoffer Dall On Mon, Oct 20, 2014 at 11:37 PM, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote: > On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis > <a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org> wrote: >> We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, >> and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. >> This way the user can control whether the XN flag will be set on the >> requested mappings. The IOMMU_NOEXEC flag needs to be available for all >> the IOMMUs of the container used. > > Since you sent this to the linux-api list, I'll bite: what's the XN > flag? I know what PROT_EXEC does when you mmap something, and I > presume that vfio is mmappable, but I don't actually have any clue > what this patch does. > > I assume that this does not have anything to do with a non-CPU DMA > master executing code in main memory, because that makes rather little > sense. (Or maybe it really does, in which case: weird.) It does actually. For example, the ARM PL330 DMA controller will fetch from memory code with DMA instructions, and it will respect this flag. It is not code that can be executed on the CPU of course, but it is executable on the DMAC. > > --Andy -- Antonios Motakis Virtual Open Systems ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-10-21 12:23 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1413205748-6300-1-git-send-email-a.motakis@virtualopensystems.com>
[not found] ` <1413205748-6300-1-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-10-13 13:09 ` [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag Antonios Motakis
[not found] ` <1413205748-6300-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-10-20 21:29 ` Alex Williamson
2014-10-21 12:17 ` Antonios Motakis
2014-10-20 21:37 ` Andy Lutomirski
[not found] ` <CALCETrWzxjpKrou6J63_T75x=ZEGWCGbc4KEWT_AMvzSQNn1eg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-10-21 12:23 ` Antonios Motakis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).