Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag

2014-10-21 Thread Antonios Motakis 
On Mon, Oct 20, 2014 at 11:37 PM, Andy Lutomirski l...@amacapital.net wrote:
 On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis
 a.mota...@virtualopensystems.com wrote:
 We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call,
 and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU.
 This way the user can control whether the XN flag will be set on the
 requested mappings. The IOMMU_NOEXEC flag needs to be available for all
 the IOMMUs of the container used.

 Since you sent this to the linux-api list, I'll bite: what's the XN
 flag?  I know what PROT_EXEC does when you mmap something, and I
 presume that vfio is mmappable, but I don't actually have any clue
 what this patch does.

 I assume that this does not have anything to do with a non-CPU DMA
 master executing code in main memory, because that makes rather little
 sense.  (Or maybe it really does, in which case: weird.)

It does actually. For example, the ARM PL330 DMA controller will fetch
from memory code with DMA instructions, and it will respect this flag.
It is not code that can be executed on the CPU of course, but it is
executable on the DMAC.



 --Andy



-- 
Antonios Motakis
Virtual Open Systems
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag

2014-10-20 Thread Alex Williamson 
On Mon, 2014-10-13 at 15:09 +0200, Antonios Motakis wrote:
 We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call,
 and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU.
 This way the user can control whether the XN flag will be set on the
 requested mappings. The IOMMU_NOEXEC flag needs to be available for all
 the IOMMUs of the container used.
 
 Signed-off-by: Antonios Motakis a.mota...@virtualopensystems.com
 ---
  include/uapi/linux/vfio.h | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
 index 6612974..111b5e8 100644
 --- a/include/uapi/linux/vfio.h
 +++ b/include/uapi/linux/vfio.h
 @@ -29,6 +29,7 @@
   * capability is subject to change as groups are added or removed.
   */
  #define VFIO_DMA_CC_IOMMU4
 +#define VFIO_DMA_NOEXEC_IOMMU5
  
  /* Check if EEH is supported */
  #define VFIO_EEH 5
^^
5 is still already used.  Feel free to convert to enum so we stop making
this mistake.

 @@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map {
   __u32   flags;
  #define VFIO_DMA_MAP_FLAG_READ (1  0)  /* readable from device 
 */
  #define VFIO_DMA_MAP_FLAG_WRITE (1  1) /* writable from device */
 +#define VFIO_DMA_MAP_FLAG_NOEXEC (1  2)/* not executable from device */
   __u64   vaddr;  /* Process virtual address */
   __u64   iova;   /* IO virtual address */
   __u64   size;   /* Size of mapping (bytes) */



___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

Re: [PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag

2014-10-20 Thread Andy Lutomirski 
On Mon, Oct 13, 2014 at 6:09 AM, Antonios Motakis
a.mota...@virtualopensystems.com wrote:
 We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call,
 and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU.
 This way the user can control whether the XN flag will be set on the
 requested mappings. The IOMMU_NOEXEC flag needs to be available for all
 the IOMMUs of the container used.

Since you sent this to the linux-api list, I'll bite: what's the XN
flag?  I know what PROT_EXEC does when you mmap something, and I
presume that vfio is mmappable, but I don't actually have any clue
what this patch does.

I assume that this does not have anything to do with a non-CPU DMA
master executing code in main memory, because that makes rather little
sense.  (Or maybe it really does, in which case: weird.)

--Andy
___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu

[PATCH 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag

2014-10-13 Thread Antonios Motakis 
We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call,
and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU.
This way the user can control whether the XN flag will be set on the
requested mappings. The IOMMU_NOEXEC flag needs to be available for all
the IOMMUs of the container used.

Signed-off-by: Antonios Motakis a.mota...@virtualopensystems.com
---
 include/uapi/linux/vfio.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 6612974..111b5e8 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -29,6 +29,7 @@
  * capability is subject to change as groups are added or removed.
  */
 #define VFIO_DMA_CC_IOMMU  4
+#define VFIO_DMA_NOEXEC_IOMMU  5
 
 /* Check if EEH is supported */
 #define VFIO_EEH   5
@@ -401,6 +402,7 @@ struct vfio_iommu_type1_dma_map {
__u32   flags;
 #define VFIO_DMA_MAP_FLAG_READ (1  0)/* readable from device 
*/
 #define VFIO_DMA_MAP_FLAG_WRITE (1  1)   /* writable from device */
+#define VFIO_DMA_MAP_FLAG_NOEXEC (1  2)  /* not executable from device */
__u64   vaddr;  /* Process virtual address */
__u64   iova;   /* IO virtual address */
__u64   size;   /* Size of mapping (bytes) */
-- 
2.1.1

___
iommu mailing list
iommu@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/iommu