From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54863)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1X73Vy-0002bE-ME
	for qemu-devel@nongnu.org; Tue, 15 Jul 2014 10:15:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <agraf@suse.de>) id 1X73Vr-0002A7-JN
	for qemu-devel@nongnu.org; Tue, 15 Jul 2014 10:15:30 -0400
From: Alexander Graf <agraf@suse.de>
Date: Tue, 15 Jul 2014 16:15:21 +0200
Message-Id: <1405433721-28419-6-git-send-email-agraf@suse.de>
In-Reply-To: <1405433721-28419-1-git-send-email-agraf@suse.de>
References: <1405433721-28419-1-git-send-email-agraf@suse.de>
Subject: [Qemu-devel] [PULL 5/5] sPAPR/IOMMU: Fix TCE entry permission
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-ppc@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org, Gavin Shan <gwshan@linux.vnet.ibm.com>

From: Gavin Shan <gwshan@linux.vnet.ibm.com>

The permission of TCE entry should exclude physical base address.
Otherwise, unmapping TCE entry can be interpreted to mapping TCE
entry wrongly for VFIO devices.

Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/misc/vfio.c       | 2 +-
 hw/ppc/spapr_iommu.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index aef4c9c..0b9eba0 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -2489,7 +2489,7 @@ static void vfio_iommu_map_notify(Notifier *n, void *data)
         return;
     }
 
-    if (iotlb->perm != IOMMU_NONE) {
+    if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
         vaddr = memory_region_get_ram_ptr(mr) + xlat;
 
         ret = vfio_dma_map(container, iotlb->iova,
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index 698ae60..f6e32a4 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -81,7 +81,7 @@ static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr)
         ret.iova = addr & page_mask;
         ret.translated_addr = tce & page_mask;
         ret.addr_mask = ~page_mask;
-        ret.perm = tce;
+        ret.perm = tce & IOMMU_RW;
     }
     trace_spapr_iommu_xlate(tcet->liobn, addr, ret.iova, ret.perm,
                             ret.addr_mask);
@@ -223,7 +223,7 @@ static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
     entry.iova = ioba & page_mask;
     entry.translated_addr = tce & page_mask;
     entry.addr_mask = ~page_mask;
-    entry.perm = tce;
+    entry.perm = tce & IOMMU_RW;
     memory_region_notify_iommu(&tcet->iommu, entry);
 
     return H_SUCCESS;
-- 
1.8.1.4