From: John Johnson <john.g.johnson@oracle.com>
To: qemu-devel@nongnu.org
Subject: [PATCH v1 19/24] vfio-user: secure DMA support
Date: Tue,  8 Nov 2022 15:13:41 -0800
Message-ID: <f01a4df56f967ab0ecb32087165c3cbd7167f384.1667542066.git.john.g.johnson@oracle.com>
In-Reply-To: <cover.1667542066.git.john.g.johnson@oracle.com>

Secure DMA forces the remote process to use DMA r/w messages
instead of directly mapping guest memory.

Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
 hw/vfio/pci.c  | 4 ++++
 hw/vfio/pci.h  | 1 +
 hw/vfio/user.c | 2 +-
 hw/vfio/user.h | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 53e3bb8..ce6776b 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3610,6 +3610,9 @@ static void vfio_user_pci_realize(PCIDevice *pdev, Error **errp)
     vbasedev->proxy = proxy;
     vfio_user_set_handler(vbasedev, vfio_user_pci_process_req, vdev);
 
+    if (udev->secure_dma) {
+        proxy->flags |= VFIO_PROXY_SECURE;
+    }
     if (udev->send_queued) {
         proxy->flags |= VFIO_PROXY_FORCE_QUEUED;
     }
@@ -3718,6 +3721,7 @@ static void vfio_user_instance_finalize(Object *obj)
 
 static Property vfio_user_pci_dev_properties[] = {
     DEFINE_PROP_STRING("socket", VFIOUserPCIDevice, sock_name),
+    DEFINE_PROP_BOOL("secure-dma", VFIOUserPCIDevice, secure_dma, false),
     DEFINE_PROP_BOOL("x-send-queued", VFIOUserPCIDevice, send_queued, false),
     DEFINE_PROP_BOOL("x-no-posted-writes", VFIOUserPCIDevice, no_post, false),
     DEFINE_PROP_END_OF_LIST(),
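Review bot: the new "secure-dma" property in vfio_user_pci_dev_properties[] has no x- prefix, unlike the adjacent "x-send-queued" and "x-no-posted-writes", so it reads as a stable user-facing option, yet the patch adds no documentation for it. Please document what enabling it guarantees and what it costs (every DMA access becomes a message to the client), and state in the commit message why the default is false, which leaves direct mapping of guest memory as the default behaviour.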
diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
index c04fa58..c4b8e5c 100644
--- a/hw/vfio/pci.h
+++ b/hw/vfio/pci.h
@@ -196,6 +196,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI)
 struct VFIOUserPCIDevice {
     VFIOPCIDevice device;
     char *sock_name;
+    bool secure_dma;    /* disable shared mem for DMA */
     bool send_queued;   /* all sends are queued */
     bool no_post;       /* all regions write are sync */
 };
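Review bot: the new field in struct VFIOUserPCIDevice is named secure_dma, but its comment, "disable shared mem for DMA", describes a narrower mechanism than the name promises. Either name the field after what it does or expand the comment to say what the server process can no longer do when it is set, so that users of the option do not read more into "secure" than the code delivers.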
diff --git a/hw/vfio/user.c b/hw/vfio/user.c
index d62fe05..0c5493e 100644
--- a/hw/vfio/user.c
+++ b/hw/vfio/user.c
@@ -1627,7 +1627,7 @@ static int vfio_user_io_dma_map(VFIOContainer *container, MemoryRegion *mr,
      * map->vaddr enters as a QEMU process address
      * make it either a file offset for mapped areas or 0
      */
-    if (fd != -1) {
+    if (fd != -1 && (container->proxy->flags & VFIO_PROXY_SECURE) == 0) {
         void *addr = (void *)(uintptr_t)map->vaddr;
 
         map->vaddr = qemu_ram_block_host_offset(mr->ram_block, addr);
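Review bot: in vfio_user_io_dma_map() the added VFIO_PROXY_SECURE test only gates the conversion of map->vaddr to a file offset; nothing in the visible lines changes fd itself. If fd is still attached to the DMA map message later in the function, the server could mmap guest memory regardless of the flag, so either treat the secure case as fd == -1 for the rest of the function or confirm that the send path checks the flag as well. The comment above the test should also be updated to cover the secure case, since it still says only "a file offset for mapped areas or 0".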
diff --git a/hw/vfio/user.h b/hw/vfio/user.h
index 19b8a29..6bd9fd3 100644
--- a/hw/vfio/user.h
+++ b/hw/vfio/user.h
@@ -83,6 +83,7 @@ typedef struct VFIOProxy {
 
 /* VFIOProxy flags */
 #define VFIO_PROXY_CLIENT        0x1
+#define VFIO_PROXY_SECURE        0x2
 #define VFIO_PROXY_FORCE_QUEUED  0x4
 #define VFIO_PROXY_NO_POST       0x8
 
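Review bot: VFIO_PROXY_SECURE is added at 0x2 with no comment, and unlike VFIO_PROXY_FORCE_QUEUED and VFIO_PROXY_NO_POST the name does not say which behaviour the flag selects. Add a one-line comment on the define stating that it disables sharing guest memory with the server for DMA, matching the comment on secure_dma in pci.h, so the test in vfio_user_io_dma_map() is self-explanatory.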
-- 
1.8.3.1


