[RFC v4 17/21] vfio-user: secure DMA support
|
From: |
John Johnson |
|
Subject: |
[RFC v4 17/21] vfio-user: secure DMA support |
|
Date: |
Tue, 11 Jan 2022 16:43:53 -0800 |
Secure DMA forces the remote process to use DMA r/w messages
instead of directly mapping guest memory.
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
hw/vfio/pci.h | 1 +
hw/vfio/user.h | 1 +
hw/vfio/pci.c | 4 ++++
hw/vfio/user.c | 2 +-
4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
index 643ff75..156fee2 100644
--- a/hw/vfio/pci.h
+++ b/hw/vfio/pci.h
@@ -193,6 +193,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI)
struct VFIOUserPCIDevice {
VFIOPCIDevice device;
char *sock_name;
+ bool secure_dma; /* disable shared mem for DMA */
bool send_queued; /* all sends are queued */
bool no_post; /* all regions write are sync */
};
diff --git a/hw/vfio/user.h b/hw/vfio/user.h
index 8d03e7c..997f748 100644
--- a/hw/vfio/user.h
+++ b/hw/vfio/user.h
@@ -74,6 +74,7 @@ typedef struct VFIOProxy {
/* VFIOProxy flags */
#define VFIO_PROXY_CLIENT 0x1
+#define VFIO_PROXY_SECURE 0x2
#define VFIO_PROXY_FORCE_QUEUED 0x4
#define VFIO_PROXY_NO_POST 0x8
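Review bot: `VFIO_PROXY_SECURE` is the one flag in this list whose name does not say what it changes; going by the field comment added in pci.h, it only means that guest memory is not shared with the server for DMA. A trailing comment on the define, such as `/* no shared-memory DMA; server must use DMA r/w messages */`, would stop later readers from assuming the flag implies a broader guarantee about the proxy connection.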
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 1fc79ef..b86acd1 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3483,6 +3483,9 @@ static void vfio_user_pci_realize(PCIDevice *pdev, Error
**errp)
vbasedev->proxy = proxy;
vfio_user_set_handler(vbasedev, vfio_user_pci_process_req, vdev);
+ if (udev->secure_dma) {
+ proxy->flags |= VFIO_PROXY_SECURE;
+ }
if (udev->send_queued) {
proxy->flags |= VFIO_PROXY_FORCE_QUEUED;
}
@@ -3607,6 +3610,7 @@ static void vfio_user_instance_finalize(Object *obj)
static Property vfio_user_pci_dev_properties[] = {
DEFINE_PROP_STRING("socket", VFIOUserPCIDevice, sock_name),
+ DEFINE_PROP_BOOL("secure-dma", VFIOUserPCIDevice, secure_dma, false),
DEFINE_PROP_BOOL("x-send-queued", VFIOUserPCIDevice, send_queued, false),
DEFINE_PROP_BOOL("x-no-posted-writes", VFIOUserPCIDevice, no_post, false),
DEFINE_PROP_END_OF_LIST(),
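Review bot: `secure-dma` defaults to `false`, so a vfio-user device lets the server process map guest RAM directly unless the user opts out, and nothing at the property says so. For an isolation control, the default and the trust it places in the server should be stated where the property is defined, for example `/* secure-dma=on: server gets no direct mapping of guest RAM and must use DMA read/write messages */`, with a matching entry in the device documentation. Unlike the two `x-` properties next to it, this one is not marked experimental, so its semantics would presumably become a stable interface once merged. The end of the property array is outside the hunk.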
diff --git a/hw/vfio/user.c b/hw/vfio/user.c
index 5c27a5e..fb0165d 100644
--- a/hw/vfio/user.c
+++ b/hw/vfio/user.c
@@ -1441,7 +1441,7 @@ static int vfio_user_io_dma_map(VFIOContainer *container,
MemoryRegion *mr,
* map->vaddr enters as a QEMU process address
* make it either a file offset for mapped areas or 0
*/
- if (fd != -1) {
+ if (fd != -1 && (container->proxy->flags & VFIO_PROXY_SECURE) == 0) {
void *addr = (void *)(uintptr_t)map->vaddr;
map->vaddr = qemu_ram_block_host_offset(mr->ram_block, addr);
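Review bot: The new condition in vfio_user_io_dma_map gates only the rewrite of `map->vaddr` into a file offset; `fd` itself is left untouched when `VFIO_PROXY_SECURE` is set. Whether the RAM file descriptor is still attached to the DMA map message depends on code after this hunk. If it is, the server could still map guest memory and the flag would not enforce what the commit message promises. Clearing the descriptor before the test, e.g. `if (container->proxy->flags & VFIO_PROXY_SECURE) { fd = -1; }`, would let one variable decide both the offset and the fd passing. The function body continues outside the hunk, so this needs checking against the send path.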
--
1.8.3.1