From: Antonios Motakis <a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
To: alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg@public.gmane.org,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Cc: kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
eric.auger-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org,
open list <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
will.deacon-5wv7dgnIgG8@public.gmane.org,
a.rigo-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org,
stuart.yoder-KZfg59tc24xl57MIdRCFDg@public.gmane.org,
Antonios Motakis
<a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>,
tech-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org,
christoffer.dall-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org
Subject: [RFC PATCH v6 07/20] vfio/iommu_type1: implement the VFIO_DMA_MAP_FLAG_NOEXEC flag
Date: Thu, 5 Jun 2014 19:03:15 +0200 [thread overview]
Message-ID: <1401987808-23596-8-git-send-email-a.motakis@virtualopensystems.com> (raw)
In-Reply-To: <1401987808-23596-1-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
Some IOMMU drivers, such as the ARM SMMU driver, make available the
IOMMU_NOEXEC flag, to set the page tables for a device as XN (execute never).
This affects devices such as the ARM PL330 DMA Controller, which respects
this flag and will refuse to fetch DMA instructions from memory where the
XN flag has been set.
Signed-off-by: Antonios Motakis <a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
---
drivers/vfio/vfio_iommu_type1.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 6673e7b..e2566fd 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -80,6 +80,24 @@ struct vfio_group {
struct list_head next;
};
+static int vfio_domains_have_cap_noexec(struct vfio_iommu *iommu)
+{
+ struct vfio_domain *d;
+ int ret = 1;
+
+ mutex_lock(&iommu->lock);
+ list_for_each_entry(d, &iommu->domain_list, next) {
+ if (!iommu_domain_has_cap(d->domain, IOMMU_CAP_NOEXEC)) {
+ ret = 0;
+ break;
+ }
+ }
+ mutex_unlock(&iommu->lock);
+
+ return ret;
+}
+
+
/*
* This code handles mapping and unmapping of user data buffers
* into DMA'ble space using the IOMMU
@@ -542,6 +560,11 @@ static int vfio_dma_do_map(struct vfio_iommu *iommu,
prot |= IOMMU_WRITE;
if (map->flags & VFIO_DMA_MAP_FLAG_READ)
prot |= IOMMU_READ;
+ if (map->flags & VFIO_DMA_MAP_FLAG_NOEXEC) {
+ if (!vfio_domains_have_cap_noexec(iommu))
+ return -EINVAL;
+ prot |= IOMMU_NOEXEC;
+ }
if (!prot)
return -EINVAL; /* No READ/WRITE? */
@@ -899,6 +922,10 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
if (!iommu)
return 0;
return vfio_domains_have_iommu_cache(iommu);
+ case VFIO_IOMMU_PROT_NOEXEC:
+ if (!iommu)
+ return 0;
+ return vfio_domains_have_cap_noexec(iommu);
default:
return 0;
}
@@ -922,7 +949,8 @@ static long vfio_iommu_type1_ioctl(void *iommu_data,
} else if (cmd == VFIO_IOMMU_MAP_DMA) {
struct vfio_iommu_type1_dma_map map;
uint32_t mask = VFIO_DMA_MAP_FLAG_READ |
- VFIO_DMA_MAP_FLAG_WRITE;
+ VFIO_DMA_MAP_FLAG_WRITE |
+ VFIO_DMA_MAP_FLAG_NOEXEC;
minsz = offsetofend(struct vfio_iommu_type1_dma_map, size);
--
1.8.3.2
next prev parent reply other threads:[~2014-06-05 17:03 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-05 17:03 [RFC PATCH v6 00/20] VFIO support for platform devices on ARM Antonios Motakis
[not found] ` <1401987808-23596-1-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 17:03 ` [RFC PATCH v6 01/20] iommu/arm-smmu: change IOMMU_EXEC to IOMMU_NOEXEC Antonios Motakis
2014-06-16 15:04 ` Will Deacon
2014-06-05 17:03 ` [RFC PATCH v6 02/20] iommu: add capability IOMMU_CAP_NOEXEC Antonios Motakis
[not found] ` <1401987808-23596-3-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 20:03 ` Alex Williamson
[not found] ` <1401998627.9207.227.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-06-06 16:35 ` Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 03/20] iommu/arm-smmu: add IOMMU_CAP_NOEXEC to the ARM SMMU driver Antonios Motakis
[not found] ` <1401987808-23596-4-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-16 15:04 ` Will Deacon
[not found] ` <20140616150451.GP16758-5wv7dgnIgG8@public.gmane.org>
2014-06-16 15:25 ` Alex Williamson
[not found] ` <1402932328.3707.36.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-06-16 15:30 ` Will Deacon
2014-06-05 17:03 ` [RFC PATCH v6 04/20] iommu/arm-smmu: add capability IOMMU_CAP_INTR_REMAP Antonios Motakis
[not found] ` <1401987808-23596-5-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 18:31 ` Varun Sethi
2014-06-08 10:31 ` Christoffer Dall
2014-06-16 14:53 ` Joerg Roedel
[not found] ` <20140616145344.GD18986-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2014-06-16 15:13 ` Will Deacon
[not found] ` <20140616151329.GQ16758-5wv7dgnIgG8@public.gmane.org>
2014-06-16 15:21 ` Joerg Roedel
[not found] ` <20140616152157.GB31771-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2014-06-16 15:25 ` Will Deacon
[not found] ` <20140616152526.GR16758-5wv7dgnIgG8@public.gmane.org>
2014-06-16 15:38 ` Joerg Roedel
2014-06-26 18:08 ` Chalamarla, Tirumalesh
2014-06-26 18:15 ` Chalamarla, Tirumalesh
2014-06-26 18:41 ` Chalamarla, Tirumalesh
[not found] ` <b085e02e72dc424d9624c3e810951087-Rl8gF8DaO8QN+Mk3fGG+YBQPvRvOrrxkXA4E9RH9d+qIuWR1G4zioA@public.gmane.org>
2014-06-26 19:00 ` Alex Williamson
2014-06-26 19:10 ` Chalamarla, Tirumalesh
[not found] ` <ec8dbbcb991e4d73b73f4b4f98342445-Rl8gF8DaO8QN+Mk3fGG+YBQPvRvOrrxkXA4E9RH9d+qIuWR1G4zioA@public.gmane.org>
2014-06-26 19:36 ` Alex Williamson
[not found] ` <1403811384.31091.151.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-06-27 8:47 ` Will Deacon
2014-06-27 21:57 ` Chalamarla, Tirumalesh
[not found] ` <2645e3a22f5e4ae9994c0ee8fa327cb4-Rl8gF8DaO8QN+Mk3fGG+YBQPvRvOrrxkXA4E9RH9d+qIuWR1G4zioA@public.gmane.org>
2014-06-28 7:05 ` Marc Zyngier
2014-06-16 15:30 ` Alex Williamson
2014-06-05 17:03 ` [RFC PATCH v6 05/20] vfio/iommu_type1: support for platform bus devices on ARM Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 06/20] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag Antonios Motakis
2014-06-05 17:03 ` Antonios Motakis [this message]
[not found] ` <1401987808-23596-8-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 20:48 ` [RFC PATCH v6 07/20] vfio/iommu_type1: implement " Alex Williamson
2014-06-05 17:03 ` [RFC PATCH v6 08/20] driver core: platform: add device binding path 'driver_override' Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 09/20] vfio/platform: initial skeleton of VFIO support for platform devices Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 10/20] vfio/platform: return info for device and its memory mapped IO regions Antonios Motakis
[not found] ` <1401987808-23596-11-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 21:14 ` Alex Williamson
[not found] ` <1402002841.9207.260.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-06-06 16:39 ` Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 11/20] vfio/platform: read and write support for the device fd Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 13/20] vfio/platform: return IRQ info Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 14/20] vfio/platform: initial interrupts support Antonios Motakis
[not found] ` <1401987808-23596-15-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-08 10:09 ` Christoffer Dall
2014-09-02 16:07 ` Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 15/20] vfio/platform: support for maskable and automasked interrupts Antonios Motakis
[not found] ` <1401987808-23596-16-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-08 10:17 ` Christoffer Dall
2014-09-02 16:06 ` Antonios Motakis
[not found] ` <CAG8rG2z02JPE+D-Bo1puuMPCR=wETciLaBgKT+i1XKQ55U-kYg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-09-10 10:13 ` Christoffer Dall
2014-09-11 17:20 ` Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 16/20] vfio: move eventfd support code for VFIO_PCI to a sepparate file Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 17/20] vfio: add local lock in virqfd instead of depending on VFIO PCI Antonios Motakis
[not found] ` <1401987808-23596-18-git-send-email-a.motakis-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org>
2014-06-05 22:19 ` Alex Williamson
[not found] ` <1402006750.9207.267.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>
2014-06-06 16:57 ` Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 18/20] vfio: pass an opaque pointer on virqfd initialization Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 19/20] vfio: initialize the virqfd workqueue in VFIO generic code Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 20/20] vfio/platform: implement IRQ masking/unmasking via an eventfd Antonios Motakis
2014-06-05 17:03 ` [RFC PATCH v6 12/20] vfio/platform: support MMAP of MMIO regions Antonios Motakis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1401987808-23596-8-git-send-email-a.motakis@virtualopensystems.com \
--to=a.motakis-lrhrjnjw1ufhk3s98ze1ajgjjy/sre9j@public.gmane.org \
--cc=a.rigo-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org \
--cc=alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=christoffer.dall-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=eric.auger-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=kvmarm-FPEHb7Xf0XXUo1n7N8X6UoWGPAHP3yOg@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=stuart.yoder-KZfg59tc24xl57MIdRCFDg@public.gmane.org \
--cc=tech-lrHrjnjw1UfHK3s98zE1ajGjJy/sRE9J@public.gmane.org \
--cc=will.deacon-5wv7dgnIgG8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).