Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag
On Mon, Oct 20, 2014 at 11:37 PM, Andy Lutomirski l...@amacapital.net wrote: On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis a.mota...@virtualopensystems.com wrote: We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. This way the user can control whether the XN flag will be set on the requested mappings. The IOMMU_NOEXEC flag needs to be available for all the IOMMUs of the container used. Since you sent this to the linux-api list, I'll bite: what's the XN flag? I know what PROT_EXEC does when you mmap something, and I presume that vfio is mmappable, but I don't actually have any clue what this patch does. I assume that this does not have anything to do with a non-CPU DMA master executing code in main memory, because that makes rather little sense. (Or maybe it really does, in which case: weird.) It does actually. For example, the ARM PL330 DMA controller will fetch from memory code with DMA instructions, and it will respect this flag. It is not code that can be executed on the CPU of course, but it is executable on the DMAC. --Andy -- Antonios Motakis Virtual Open Systems ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag
On Mon, 2014-10-13 at 15:09 +0200, Antonios Motakis wrote: We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. This way the user can control whether the XN flag will be set on the requested mappings. The IOMMU_NOEXEC flag needs to be available for all the IOMMUs of the container used. Signed-off-by: Antonios Motakis a.mota...@virtualopensystems.com --- include/uapi/linux/vfio.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 6612974..111b5e8 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h @@ -29,6 +29,7 @@ * capability is subject to change as groups are added or removed. */ #define VFIO_DMA_CC_IOMMU4 +#define VFIO_DMA_NOEXEC_IOMMU5 /* Check if EEH is supported */ #define VFIO_EEH 5 ^^ 5 is still already used. Feel free to convert to enum so we stop making this mistake. @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map { __u32 flags; #define VFIO_DMA_MAP_FLAG_READ (1 0) /* readable from device */ #define VFIO_DMA_MAP_FLAG_WRITE (1 1) /* writable from device */ +#define VFIO_DMA_MAP_FLAG_NOEXEC (1 2)/* not executable from device */ __u64 vaddr; /* Process virtual address */ __u64 iova; /* IO virtual address */ __u64 size; /* Size of mapping (bytes) */ ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag
On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis a.mota...@virtualopensystems.com wrote: We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. This way the user can control whether the XN flag will be set on the requested mappings. The IOMMU_NOEXEC flag needs to be available for all the IOMMUs of the container used. Since you sent this to the linux-api list, I'll bite: what's the XN flag? I know what PROT_EXEC does when you mmap something, and I presume that vfio is mmappable, but I don't actually have any clue what this patch does. I assume that this does not have anything to do with a non-CPU DMA master executing code in main memory, because that makes rather little sense. (Or maybe it really does, in which case: weird.) --Andy ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
[PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag
We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call, and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU. This way the user can control whether the XN flag will be set on the requested mappings. The IOMMU_NOEXEC flag needs to be available for all the IOMMUs of the container used. Signed-off-by: Antonios Motakis a.mota...@virtualopensystems.com --- include/uapi/linux/vfio.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h index 6612974..111b5e8 100644 --- a/include/uapi/linux/vfio.h +++ b/include/uapi/linux/vfio.h @@ -29,6 +29,7 @@ * capability is subject to change as groups are added or removed. */ #define VFIO_DMA_CC_IOMMU 4 +#define VFIO_DMA_NOEXEC_IOMMU 5 /* Check if EEH is supported */ #define VFIO_EEH 5 @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map { __u32 flags; #define VFIO_DMA_MAP_FLAG_READ (1 0)/* readable from device */ #define VFIO_DMA_MAP_FLAG_WRITE (1 1) /* writable from device */ +#define VFIO_DMA_MAP_FLAG_NOEXEC (1 2) /* not executable from device */ __u64 vaddr; /* Process virtual address */ __u64 iova; /* IO virtual address */ __u64 size; /* Size of mapping (bytes) */ -- 2.1.1 ___ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu