[RFC v5 18/23] vfio-user: secure DMA support
From: |
John Johnson |
Subject: |
[RFC v5 18/23] vfio-user: secure DMA support |
Date: |
Thu, 5 May 2022 10:20:01 -0700 |
Secure DMA forces the remote process to use DMA r/w messages
instead of directly mapping guest memory.
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
---
hw/vfio/pci.h | 1 +
hw/vfio/user.h | 1 +
hw/vfio/pci.c | 4 ++++
hw/vfio/user.c | 2 +-
4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
index a4eb5b9..c207847 100644
--- a/hw/vfio/pci.h
+++ b/hw/vfio/pci.h
@@ -194,6 +194,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI)
struct VFIOUserPCIDevice {
VFIOPCIDevice device;
char *sock_name;
+ bool secure_dma; /* disable shared mem for DMA */
bool send_queued; /* all sends are queued */
bool no_post; /* all regions write are sync */
};
diff --git a/hw/vfio/user.h b/hw/vfio/user.h
index 742e1a9..ec764d3 100644
--- a/hw/vfio/user.h
+++ b/hw/vfio/user.h
@@ -76,6 +76,7 @@ typedef struct VFIOProxy {
/* VFIOProxy flags */
#define VFIO_PROXY_CLIENT 0x1
+#define VFIO_PROXY_SECURE 0x2
#define VFIO_PROXY_FORCE_QUEUED 0x4
#define VFIO_PROXY_NO_POST 0x8
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 054a2bd..2faf890 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3589,6 +3589,9 @@ static void vfio_user_pci_realize(PCIDevice *pdev, Error
**errp)
vbasedev->proxy = proxy;
vfio_user_set_handler(vbasedev, vfio_user_pci_process_req, vdev);
+ if (udev->secure_dma) {
+ proxy->flags |= VFIO_PROXY_SECURE;
+ }
if (udev->send_queued) {
proxy->flags |= VFIO_PROXY_FORCE_QUEUED;
}
@@ -3720,6 +3723,7 @@ static void vfio_user_instance_finalize(Object *obj)
static Property vfio_user_pci_dev_properties[] = {
DEFINE_PROP_STRING("socket", VFIOUserPCIDevice, sock_name),
+ DEFINE_PROP_BOOL("secure-dma", VFIOUserPCIDevice, secure_dma, false),
DEFINE_PROP_BOOL("x-send-queued", VFIOUserPCIDevice, send_queued, false),
DEFINE_PROP_BOOL("x-no-posted-writes", VFIOUserPCIDevice, no_post, false),
DEFINE_PROP_END_OF_LIST(),
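Review bot: `secure-dma` defaults to `false` in vfio_user_pci_dev_properties, so unless the user opts in, the remote process keeps the ability to map guest memory directly, and nothing next to the property says so. A comment above the entry such as `/* secure-dma=on: server must use DMA r/w messages; default (off) lets it map guest RAM directly */` would make that trust trade-off visible where the option is defined. It is also the only property in this list without the `x-` prefix carried by `x-send-queued` and `x-no-posted-writes`; if that is deliberate, it is worth stating in the commit message. The array's closing brace lies outside the hunk.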
diff --git a/hw/vfio/user.c b/hw/vfio/user.c
index 29eff8a..b08108c 100644
--- a/hw/vfio/user.c
+++ b/hw/vfio/user.c
@@ -1528,7 +1528,7 @@ static int vfio_user_io_dma_map(VFIOContainer *container,
MemoryRegion *mr,
* map->vaddr enters as a QEMU process address
* make it either a file offset for mapped areas or 0
*/
- if (fd != -1) {
+ if (fd != -1 && (container->proxy->flags & VFIO_PROXY_SECURE) == 0) {
void *addr = (void *)(uintptr_t)map->vaddr;
map->vaddr = qemu_ram_block_host_offset(mr->ram_block, addr);
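Review bot: The new condition in vfio_user_io_dma_map only skips the vaddr-to-file-offset rewrite when VFIO_PROXY_SECURE is set; nothing visible in this hunk stops `fd` itself from still being passed on with the map message. If the code after this block forwards `fd` unchanged, the server would still receive a mappable descriptor for guest RAM, and the isolation would then rest on the server choosing not to use it. Clearing it up front, e.g. `if (container->proxy->flags & VFIO_PROXY_SECURE) { fd = -1; }`, would let the existing `fd != -1` test cover both cases, and the comment above could say that secure mode sends neither an offset nor a descriptor. The function continues outside the hunk, so this needs checking against the full body.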
--
1.8.3.1