Secure DMA forces the remote process to use DMA r/w messages instead of directly mapping guest memeory.
Signed-off-by: John G Johnson <john.g.john...@oracle.com> Signed-off-by: Elena Ufimtseva <elena.ufimts...@oracle.com> Signed-off-by: Jagannathan Raman <jag.ra...@oracle.com> --- hw/vfio/pci.h | 1 + hw/vfio/user.h | 1 + hw/vfio/pci.c | 4 ++++ hw/vfio/user.c | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h index 643ff75..156fee2 100644 --- a/hw/vfio/pci.h +++ b/hw/vfio/pci.h @@ -193,6 +193,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI) struct VFIOUserPCIDevice { VFIOPCIDevice device; char *sock_name; + bool secure_dma; /* disable shared mem for DMA */ bool send_queued; /* all sends are queued */ bool no_post; /* all regions write are sync */ }; diff --git a/hw/vfio/user.h b/hw/vfio/user.h index 8d03e7c..997f748 100644 --- a/hw/vfio/user.h +++ b/hw/vfio/user.h @@ -74,6 +74,7 @@ typedef struct VFIOProxy { /* VFIOProxy flags */ #define VFIO_PROXY_CLIENT 0x1 +#define VFIO_PROXY_SECURE 0x2 #define VFIO_PROXY_FORCE_QUEUED 0x4 #define VFIO_PROXY_NO_POST 0x8 diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index 1fc79ef..b86acd1 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -3483,6 +3483,9 @@ static void vfio_user_pci_realize(PCIDevice *pdev, Error **errp) vbasedev->proxy = proxy; vfio_user_set_handler(vbasedev, vfio_user_pci_process_req, vdev); + if (udev->secure_dma) { + proxy->flags |= VFIO_PROXY_SECURE; + } if (udev->send_queued) { proxy->flags |= VFIO_PROXY_FORCE_QUEUED; } @@ -3607,6 +3610,7 @@ static void vfio_user_instance_finalize(Object *obj) static Property vfio_user_pci_dev_properties[] = { DEFINE_PROP_STRING("socket", VFIOUserPCIDevice, sock_name), + DEFINE_PROP_BOOL("secure-dma", VFIOUserPCIDevice, secure_dma, false), DEFINE_PROP_BOOL("x-send-queued", VFIOUserPCIDevice, send_queued, false), DEFINE_PROP_BOOL("x-no-posted-writes", VFIOUserPCIDevice, no_post, false), DEFINE_PROP_END_OF_LIST(), diff --git a/hw/vfio/user.c b/hw/vfio/user.c index 5c27a5e..fb0165d 100644 --- a/hw/vfio/user.c +++ b/hw/vfio/user.c @@ -1441,7 +1441,7 @@ static int vfio_user_io_dma_map(VFIOContainer *container, MemoryRegion *mr, * map->vaddr enters as a QEMU process address * make it either a file offset for mapped areas or 0 */ - if (fd != -1) { + if (fd != -1 && (container->proxy->flags & VFIO_PROXY_SECURE) == 0) { void *addr = (void *)(uintptr_t)map->vaddr; map->vaddr = qemu_ram_block_host_offset(mr->ram_block, addr); -- 1.8.3.1