@@ -30,6 +30,7 @@
#include "sysbus.h"
#include "range.h"
#include "xen.h"
+#include "exec-memory.h"
/*
* I440FX chipset data sheet.
@@ -252,6 +253,78 @@ static int i440fx_initfn(PCIDevice *dev)
return 0;
}
+typedef struct SillyIOMMU SillyIOMMU;
+
+struct SillyIOMMU {
+ MemoryRegion l1;
+ MemoryRegion l2;
+ target_phys_addr_t mask;
+ target_phys_addr_t secret;
+};
+
+static IOMMUTLBEntry silly_l1_translate(MemoryRegion *l1, target_phys_addr_t addr,
+ bool is_write)
+{
+ SillyIOMMU *s = container_of(l1, SillyIOMMU, l1);
+ target_phys_addr_t xlat = addr ^ s->secret;
+
+ printf("l1: %" TARGET_PRIxPHYS " -> %" TARGET_PRIxPHYS "\n", addr, xlat);
+
+ return (IOMMUTLBEntry) {
+ .device_addr = addr & ~s->mask,
+ .translated_addr = xlat & ~s->mask,
+ .addr_mask = s->mask,
+ .valid = true,
+ };
+}
+
+static MemoryRegionIOMMUOps silly_l1_iommu_ops = {
+ .translate = silly_l1_translate,
+};
+
+static IOMMUTLBEntry silly_l2_translate(MemoryRegion *l2, target_phys_addr_t addr,
+ bool is_write)
+{
+ SillyIOMMU *s = container_of(l2, SillyIOMMU, l2);
+ target_phys_addr_t xlat = addr ^ s->secret;
+
+ printf("l2: %" TARGET_PRIxPHYS " -> %" TARGET_PRIxPHYS "\n", addr, xlat);
+
+ return (IOMMUTLBEntry) {
+ .device_addr = addr & ~s->mask,
+ .translated_addr = xlat & ~s->mask,
+ .addr_mask = s->mask,
+ .valid = true,
+ };
+}
+
+static MemoryRegionIOMMUOps silly_l2_iommu_ops = {
+ .translate = silly_l2_translate,
+};
+
+static MemoryRegion *silly_iommu_new(PCIBus *bus, void *opaque, int devfn)
+{
+ SillyIOMMU *s = g_new(SillyIOMMU, 1);
+ MemoryRegion *sysmem = get_system_memory();
+
+ s->mask = (0x1000 << (devfn >> 3)) - 1;
+ s->secret = (((devfn << 24) | 0x00aabbccdd) & ~s->mask) * (devfn >= 3 * 8);
+ memory_region_init_iommu(&s->l2, &silly_l2_iommu_ops, sysmem, "silly-l2", INT64_MAX);
+ memory_region_init_iommu(&s->l1, &silly_l1_iommu_ops, &s->l2, "silly-l1", INT64_MAX);
+ return &s->l1;
+}
+
+static void silly_iommu_del(MemoryRegion *l1)
+{
+ SillyIOMMU *s = container_of(l1, SillyIOMMU, l1);
+
+ memory_region_del_subregion(&s->l2, get_system_memory());
+ memory_region_del_subregion(&s->l1, &s->l2);
+ memory_region_destroy(&s->l2);
+ memory_region_destroy(&s->l1);
+ g_free(s);
+}
+
static PCIBus *i440fx_common_init(const char *device_name,
PCII440FXState **pi440fx_state,
int *piix3_devfn,
@@ -278,6 +351,7 @@ static PCIBus *i440fx_common_init(const char *device_name,
s->address_space = address_space_mem;
b = pci_bus_new(dev, NULL, pci_address_space,
address_space_io, 0);
+ pci_setup_iommu(b, silly_iommu_new, silly_iommu_del, NULL);
s->bus = b;
object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL);
qdev_init_nofail(dev);
This iommu encrypts addresses on the device bus to avoid divuling information to hackers equipped with bus analyzers. Following 3DES, addresses are encrypted multiple times. A XOR cypher is employed for efficiency. Signed-off-by: Avi Kivity <avi@redhat.com> --- hw/piix_pci.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+)