From: Anthony Liguori <anthony@codemonkey.ws>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Kevin Wolf <kwolf@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel@nongnu.org, David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [Qemu-devel] [PATCH 05/13] iommu: Make sglists and dma_bdrv helpers use new universal DMA helpers
Date: Wed, 20 Jun 2012 16:21:14 -0500
Message-ID: <4FE23ECA.9030204@codemonkey.ws>
In-Reply-To: <1340087992-2399-6-git-send-email-benh@kernel.crashing.org>

On 06/19/2012 01:39 AM, Benjamin Herrenschmidt wrote:
> From: David Gibson <david@gibson.dropbear.id.au>
>
> dma-helpers.c contains a number of helper functions for doing
> scatter/gather DMA, and various block device related DMA. Currently,
> these directly access guest memory using cpu_physical_memory_*(),
> assuming no IOMMU translation.
>
> This patch updates this code to use the new universal DMA helper
> functions. qemu_sglist_init() now takes a DMAContext * to describe
> the DMA address space in which the scatter/gather will take place.
>
> We minimally update the callers of qemu_sglist_init() to pass NULL
> (i.e. no translation, same as current behaviour). Some of those
> callers should pass something else in some cases to allow proper IOMMU
> translation in future, but that will be fixed in later patches.
>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> ---
> dma-helpers.c | 24 ++++++++++++------------
> dma.h | 3 ++-
> hw/ide/ahci.c | 3 ++-
> hw/ide/macio.c | 4 ++--
> hw/pci.h | 2 +-
> 5 files changed, 19 insertions(+), 17 deletions(-)
>
> diff --git a/dma-helpers.c b/dma-helpers.c
> index 7971a89..2dc4691 100644
> --- a/dma-helpers.c
> +++ b/dma-helpers.c
> @@ -10,12 +10,13 @@
> #include "dma.h"
> #include "trace.h"
>
> -void qemu_sglist_init(QEMUSGList *qsg, int alloc_hint)
> +void qemu_sglist_init(QEMUSGList *qsg, int alloc_hint, DMAContext *dma)
> {
> qsg->sg = g_malloc(alloc_hint * sizeof(ScatterGatherEntry));
> qsg->nsg = 0;
> qsg->nalloc = alloc_hint;
> qsg->size = 0;
> + qsg->dma = dma;
> }
>
> void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
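
Review bot: The `qsg->dma = dma;` assignment in qemu_sglist_init() stores a borrowed pointer with no statement of its contract. A comment at the prototype should say that NULL selects untranslated access (the behaviour the commit message describes for the converted callers) and that the DMAContext has to stay valid until the list is destroyed, since the later map and unmap calls read it back through `dbs->sg->dma`.
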
> @@ -74,10 +75,9 @@ static void dma_bdrv_unmap(DMAAIOCB *dbs)
> int i;
>
> for (i = 0; i< dbs->iov.niov; ++i) {
> - cpu_physical_memory_unmap(dbs->iov.iov[i].iov_base,
> - dbs->iov.iov[i].iov_len,
> - dbs->dir != DMA_DIRECTION_TO_DEVICE,
> - dbs->iov.iov[i].iov_len);
> + dma_memory_unmap(dbs->sg->dma, dbs->iov.iov[i].iov_base,
> + dbs->iov.iov[i].iov_len, dbs->dir,
> + dbs->iov.iov[i].iov_len);
> }
> qemu_iovec_reset(&dbs->iov);
> }
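
Review bot: In dma_bdrv_unmap() the explicit `dbs->dir != DMA_DIRECTION_TO_DEVICE` that produced the write flag is gone and dma_memory_unmap() receives `dbs->dir` directly, so the inversion now has to happen inside the helper. Worth confirming against the definition of the new helpers that the same flag is derived for both directions, and that the map call in dma_bdrv_cb() follows the same convention, because a mismatch between map and unmap would not be caught by the compiler.
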
> @@ -106,7 +106,7 @@ static void dma_complete(DMAAIOCB *dbs, int ret)
> static void dma_bdrv_cb(void *opaque, int ret)
> {
> DMAAIOCB *dbs = (DMAAIOCB *)opaque;
> - target_phys_addr_t cur_addr, cur_len;
> + dma_addr_t cur_addr, cur_len;
> void *mem;
>
> trace_dma_bdrv_cb(dbs, ret);
> @@ -123,8 +123,7 @@ static void dma_bdrv_cb(void *opaque, int ret)
> while (dbs->sg_cur_index< dbs->sg->nsg) {
> cur_addr = dbs->sg->sg[dbs->sg_cur_index].base + dbs->sg_cur_byte;
> cur_len = dbs->sg->sg[dbs->sg_cur_index].len - dbs->sg_cur_byte;
> - mem = cpu_physical_memory_map(cur_addr,&cur_len,
> - dbs->dir != DMA_DIRECTION_TO_DEVICE);
> + mem = dma_memory_map(dbs->sg->dma, cur_addr,&cur_len, dbs->dir);
> if (!mem)
> break;
> qemu_iovec_add(&dbs->iov, mem, cur_len);
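
Review bot: The `if (!mem) break;` path after the new dma_memory_map() call treats every NULL the same way. With a DMAContext in the path, a NULL can presumably also mean that the address failed translation, which is a permanent condition and not one that clears on retry; the code that follows the loop should be checked so that this case completes the request with an error.
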
> @@ -209,7 +208,8 @@ BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
> }
>
>
> -static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg, bool to_dev)
> +static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg,
> + DMADirection dir)
> {
> uint64_t resid;
> int sg_cur_index;
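
Review bot: Changing the last parameter of dma_buf_rw() from `bool to_dev` to `DMADirection dir` is not enforced by the C compiler: a caller that still passes true or false converts silently to the enum. The old call used `!to_dev`, so each call site needs checking that it now passes the DMA_DIRECTION_* constant that matches the old boolean.
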
> @@ -220,7 +220,7 @@ static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg, bool to_de
> while (len> 0) {
> ScatterGatherEntry entry = sg->sg[sg_cur_index++];
> int32_t xfer = MIN(len, entry.len);
> - cpu_physical_memory_rw(entry.base, ptr, xfer, !to_dev);
> + dma_memory_rw(sg->dma, entry.base, ptr, xfer, dir);
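
Review bot: The result of dma_memory_rw() on the added line is discarded, and nothing in the visible lines of dma_buf_rw() checks it, so a failed access for one entry leaves that part of ptr holding whatever it held before the call. dma_buf_rw() returns only a uint64_t, so the device model has no way to learn of the failure either; consider stopping the loop on failure, clearing the unfilled part of ptr, and giving the caller an error indication.
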
Again, you return an error but ignore it now.

At the very least, on error you should scrub the passed-in buffer to avoid
leaking data to the guest.

You can imagine a malicious guest programming the IOMMU with invalid mappings
and then doing DMA operations in order to read memory from the host QEMU process.

Regards,

Anthony Liguori
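
The failure mode raised in the reply above, as an added example that is not part of the original message or of QEMU's code: a gather loop run once with the access error ignored and once with the error checked and the unfilled buffer scrubbed. All names (toy_dma_read, sg_read, SGEntry, STALE) and the sample scatter/gather list are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; none of this is QEMU's API. */
#define GUEST_RAM_SIZE 64
#define STALE 0xAA                 /* constructed marker for old host data */
static uint8_t guest_ram[GUEST_RAM_SIZE];
typedef struct { uint64_t base, len; } SGEntry;

/* Toy translation: only [0, GUEST_RAM_SIZE) is mapped; a fault leaves dst as is. */
static int toy_dma_read(uint64_t addr, uint8_t *dst, size_t len)
{
    if (addr > GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - addr) return -1;
    memcpy(dst, guest_ram + addr, len);
    return 0;
}

/* Gather into buf. check == 0 ignores the access error; check != 0 stops on a
 * fault and zeroes the unfilled tail. Returns -1 on a detected fault, else 0. */
static int sg_read(uint8_t *buf, size_t len, const SGEntry *sg, size_t nsg, int check)
{
    size_t done = 0;
    int rc = 0;
    for (size_t i = 0; i < nsg && done < len; i++) {
        size_t xfer = sg[i].len < len - done ? (size_t)sg[i].len : len - done;
        if (toy_dma_read(sg[i].base, buf + done, xfer) != 0 && check) {
            rc = -1;
            break;
        }
        done += xfer;
    }
    if (check) memset(buf + done, 0, len - done);  /* scrub what guest data never reached */
    return rc;
}

/* Run one transfer into a buffer pre-filled with STALE; return how many STALE bytes remain. */
static size_t stale_after(int check)
{
    /* Constructed list: entry 0 is mapped, entry 1 points outside the mapping. */
    const SGEntry sg[] = { { 0, 8 }, { 1u << 20, 8 } };
    uint8_t buf[16];
    size_t stale = 0;
    memset(guest_ram, 0x11, sizeof(guest_ram));
    memset(buf, STALE, sizeof(buf));
    sg_read(buf, sizeof(buf), sg, 2, check);
    for (size_t i = 0; i < sizeof(buf); i++) stale += (buf[i] == STALE);
    return stale;
}

int main(void) { return stale_after(1) != 0; }
```

With the error ignored, the half of the buffer covered by the faulting entry still holds the old contents, which a device model would then treat as data read from the guest.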