From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36543)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <gwshan@linux.vnet.ibm.com>) id 1X6f52-0007CM-Nk
	for qemu-devel@nongnu.org; Mon, 14 Jul 2014 08:10:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <gwshan@linux.vnet.ibm.com>) id 1X6f4t-0006nv-H1
	for qemu-devel@nongnu.org; Mon, 14 Jul 2014 08:10:04 -0400
Received: from e28smtp04.in.ibm.com ([122.248.162.4]:41064)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <gwshan@linux.vnet.ibm.com>) id 1X6f4s-0006mx-S1
	for qemu-devel@nongnu.org; Mon, 14 Jul 2014 08:09:55 -0400
Received: from /spool/local
	by e28smtp04.in.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <gwshan@linux.vnet.ibm.com>;
	Mon, 14 Jul 2014 17:39:51 +0530
Received: from d28relay02.in.ibm.com (d28relay02.in.ibm.com [9.184.220.59])
	by d28dlp01.in.ibm.com (Postfix) with ESMTP id C97BAE0053
	for <qemu-devel@nongnu.org>; Mon, 14 Jul 2014 17:41:19 +0530 (IST)
Received: from d28av01.in.ibm.com (d28av01.in.ibm.com [9.184.220.63])
	by d28relay02.in.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	s6ECBRAv58654930
	for <qemu-devel@nongnu.org>; Mon, 14 Jul 2014 17:41:27 +0530
Received: from d28av01.in.ibm.com (localhost [127.0.0.1])
	by d28av01.in.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
	s6EC9l81014323
	for <qemu-devel@nongnu.org>; Mon, 14 Jul 2014 17:39:48 +0530
From: Gavin Shan <gwshan@linux.vnet.ibm.com>
Date: Mon, 14 Jul 2014 22:09:43 +1000
Message-Id: <1405339783-4501-1-git-send-email-gwshan@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH] sPAPR/IOMMU: Fix TCE entry permission
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: aik@ozlabs.ru, alex.williamson@redhat.com, agraf@suse.de, Gavin Shan <gwshan@linux.vnet.ibm.com>

The permission of TCE entry should exclude physical base address.
Otherwise, unmapping TCE entry can be interpreted to mapping TCE
entry wrongly for VFIO devices.

Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
---
 hw/misc/vfio.c       | 2 +-
 hw/ppc/spapr_iommu.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index f9426ef..75ccceb 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -2316,7 +2316,7 @@ static void vfio_iommu_map_notify(Notifier *n, void *data)
         return;
     }
 
-    if (iotlb->perm != IOMMU_NONE) {
+    if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
         vaddr = memory_region_get_ram_ptr(mr) + xlat;
 
         ret = vfio_dma_map(container, iotlb->iova,
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index e603ac1..e223374 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -81,7 +81,7 @@ static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr)
         ret.iova = addr & page_mask;
         ret.translated_addr = tce & page_mask;
         ret.addr_mask = ~page_mask;
-        ret.perm = tce;
+        ret.perm = tce & IOMMU_RW;
     }
     trace_spapr_iommu_xlate(tcet->liobn, addr, ret.iova, ret.perm,
                             ret.addr_mask);
@@ -225,7 +225,7 @@ static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
     entry.iova = ioba & page_mask;
     entry.translated_addr = tce & page_mask;
     entry.addr_mask = ~page_mask;
-    entry.perm = tce;
+    entry.perm = tce & IOMMU_RW;
     memory_region_notify_iommu(&tcet->iommu, entry);
 
     return H_SUCCESS;
-- 
1.8.3.2