| Message ID | 1351597670-23031-8-git-send-email-avi@redhat.com |
|---|---|
| State | New |
| Headers | show |
On Tue, Oct 30, 2012 at 11:47 AM, Avi Kivity <avi@redhat.com> wrote: > This iommu encrypts addresses on the device bus to avoid divuling information > to hackers equipped with bus analyzers. Following 3DES, addresses are encrypted > multiple times. A XOR cypher is employed for efficiency. If this is not useful as a test device or other purposes, I'd drop it. > > Signed-off-by: Avi Kivity <avi@redhat.com> > --- > hw/piix_pci.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 77 insertions(+) > > diff --git a/hw/piix_pci.c b/hw/piix_pci.c > index 9af5847..99601f4 100644 > --- a/hw/piix_pci.c > +++ b/hw/piix_pci.c > @@ -30,6 +30,7 @@ > #include "sysbus.h" > #include "range.h" > #include "xen.h" > +#include "exec-memory.h" > > /* > * I440FX chipset data sheet. > @@ -248,6 +249,81 @@ static int i440fx_initfn(PCIDevice *dev) > return 0; > } > > +typedef struct SillyIOMMU SillyIOMMU; > + > +struct SillyIOMMU { > + MemoryRegion fault; > + MemoryRegion l1; > + MemoryRegion l2; > + hwaddr mask; > + hwaddr secret; > +}; > + > +static IOMMUTLBEntry silly_l1_translate(MemoryRegion *l1, hwaddr addr) > +{ > + SillyIOMMU *s = container_of(l1, SillyIOMMU, l1); > + hwaddr xlat = addr ^ s->secret; > + > + printf("l1: %" HWADDR_PRIx " -> %" HWADDR_PRIx "\n", addr, xlat); > + > + return (IOMMUTLBEntry) { > + .device_addr = addr & ~s->mask, > + .translated_addr = xlat & ~s->mask, > + .addr_mask = s->mask, > + .perm = { true, true }, > + }; > +} > + > +static MemoryRegionIOMMUOps silly_l1_iommu_ops = { > + .translate = silly_l1_translate, > +}; > + > +static IOMMUTLBEntry silly_l2_translate(MemoryRegion *l2, hwaddr addr) > +{ > + SillyIOMMU *s = container_of(l2, SillyIOMMU, l2); > + hwaddr xlat = addr ^ s->secret; > + > + printf("l2: %" HWADDR_PRIx " -> %" HWADDR_PRIx "\n", addr, xlat); > + > + return (IOMMUTLBEntry) { > + .device_addr = addr & ~s->mask, > + .translated_addr = xlat & ~s->mask, > + .addr_mask = s->mask, > + .perm = { true, true }, > + }; > +} > + > +static MemoryRegionIOMMUOps silly_l2_iommu_ops = { > + .translate = silly_l2_translate, > +}; > + > +static MemoryRegion *silly_iommu_new(PCIBus *bus, void *opaque, int devfn) > +{ > + SillyIOMMU *s = g_new(SillyIOMMU, 1); > + MemoryRegion *sysmem = get_system_memory(); > + > + s->mask = (0x1000 << (devfn >> 3)) - 1; > + s->secret = ((devfn << 24) | 0x00aabbccdd) & ~s->mask; > + memory_region_init(&s->fault, "silly-fault", INT64_MAX); > + memory_region_init_iommu(&s->l2, &silly_l2_iommu_ops, sysmem, &s->fault, > + "silly-l2", INT64_MAX); > + memory_region_init_iommu(&s->l1, &silly_l1_iommu_ops, &s->l2, &s->fault, > + "silly-l1", INT64_MAX); > + return &s->l1; > +} > + > +static void silly_iommu_del(MemoryRegion *l1) > +{ > + SillyIOMMU *s = container_of(l1, SillyIOMMU, l1); > + > + memory_region_del_subregion(&s->l2, get_system_memory()); > + memory_region_del_subregion(&s->l1, &s->l2); > + memory_region_destroy(&s->l2); > + memory_region_destroy(&s->l1); > + memory_region_destroy(&s->fault); > + g_free(s); > +} > + > static PCIBus *i440fx_common_init(const char *device_name, > PCII440FXState **pi440fx_state, > int *piix3_devfn, > @@ -275,6 +351,7 @@ static PCIBus *i440fx_common_init(const char *device_name, > s->address_space = address_space_mem; > b = pci_bus_new(dev, NULL, pci_address_space, > address_space_io, 0); > + pci_setup_iommu(b, silly_iommu_new, silly_iommu_del, NULL); > s->bus = b; > object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL); > qdev_init_nofail(dev); > -- > 1.7.12 >
On 10/30/2012 09:18 PM, Blue Swirl wrote: > On Tue, Oct 30, 2012 at 11:47 AM, Avi Kivity <avi@redhat.com> wrote: >> This iommu encrypts addresses on the device bus to avoid divuling information >> to hackers equipped with bus analyzers. Following 3DES, addresses are encrypted >> multiple times. A XOR cypher is employed for efficiency. > > If this is not useful as a test device or other purposes, I'd drop it. It's just for demonstrating the API. I won't propose it for merging.
diff --git a/hw/piix_pci.c b/hw/piix_pci.c index 9af5847..99601f4 100644 --- a/hw/piix_pci.c +++ b/hw/piix_pci.c @@ -30,6 +30,7 @@ #include "sysbus.h" #include "range.h" #include "xen.h" +#include "exec-memory.h" /* * I440FX chipset data sheet. @@ -248,6 +249,81 @@ static int i440fx_initfn(PCIDevice *dev) return 0; } +typedef struct SillyIOMMU SillyIOMMU; + +struct SillyIOMMU { + MemoryRegion fault; + MemoryRegion l1; + MemoryRegion l2; + hwaddr mask; + hwaddr secret; +}; + +static IOMMUTLBEntry silly_l1_translate(MemoryRegion *l1, hwaddr addr) +{ + SillyIOMMU *s = container_of(l1, SillyIOMMU, l1); + hwaddr xlat = addr ^ s->secret; + + printf("l1: %" HWADDR_PRIx " -> %" HWADDR_PRIx "\n", addr, xlat); + + return (IOMMUTLBEntry) { + .device_addr = addr & ~s->mask, + .translated_addr = xlat & ~s->mask, + .addr_mask = s->mask, + .perm = { true, true }, + }; +} + +static MemoryRegionIOMMUOps silly_l1_iommu_ops = { + .translate = silly_l1_translate, +}; + +static IOMMUTLBEntry silly_l2_translate(MemoryRegion *l2, hwaddr addr) +{ + SillyIOMMU *s = container_of(l2, SillyIOMMU, l2); + hwaddr xlat = addr ^ s->secret; + + printf("l2: %" HWADDR_PRIx " -> %" HWADDR_PRIx "\n", addr, xlat); + + return (IOMMUTLBEntry) { + .device_addr = addr & ~s->mask, + .translated_addr = xlat & ~s->mask, + .addr_mask = s->mask, + .perm = { true, true }, + }; +} + +static MemoryRegionIOMMUOps silly_l2_iommu_ops = { + .translate = silly_l2_translate, +}; + +static MemoryRegion *silly_iommu_new(PCIBus *bus, void *opaque, int devfn) +{ + SillyIOMMU *s = g_new(SillyIOMMU, 1); + MemoryRegion *sysmem = get_system_memory(); + + s->mask = (0x1000 << (devfn >> 3)) - 1; + s->secret = ((devfn << 24) | 0x00aabbccdd) & ~s->mask; + memory_region_init(&s->fault, "silly-fault", INT64_MAX); + memory_region_init_iommu(&s->l2, &silly_l2_iommu_ops, sysmem, &s->fault, + "silly-l2", INT64_MAX); + memory_region_init_iommu(&s->l1, &silly_l1_iommu_ops, &s->l2, &s->fault, + "silly-l1", INT64_MAX); + return &s->l1; +} + +static void silly_iommu_del(MemoryRegion *l1) +{ + SillyIOMMU *s = container_of(l1, SillyIOMMU, l1); + + memory_region_del_subregion(&s->l2, get_system_memory()); + memory_region_del_subregion(&s->l1, &s->l2); + memory_region_destroy(&s->l2); + memory_region_destroy(&s->l1); + memory_region_destroy(&s->fault); + g_free(s); +} + static PCIBus *i440fx_common_init(const char *device_name, PCII440FXState **pi440fx_state, int *piix3_devfn, @@ -275,6 +351,7 @@ static PCIBus *i440fx_common_init(const char *device_name, s->address_space = address_space_mem; b = pci_bus_new(dev, NULL, pci_address_space, address_space_io, 0); + pci_setup_iommu(b, silly_iommu_new, silly_iommu_del, NULL); s->bus = b; object_property_add_child(qdev_get_machine(), "i440fx", OBJECT(dev), NULL); qdev_init_nofail(dev);
This iommu encrypts addresses on the device bus to avoid divuling information to hackers equipped with bus analyzers. Following 3DES, addresses are encrypted multiple times. A XOR cypher is employed for efficiency. Signed-off-by: Avi Kivity <avi@redhat.com> --- hw/piix_pci.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+)