From patchwork Tue Dec 19 18:11:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 850989 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3z1Qy62Z08z9s72 for ; Wed, 20 Dec 2017 05:13:33 +1100 (AEDT) Received: from localhost ([::1]:58137 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMOQ-0007cU-PB for incoming@patchwork.ozlabs.org; Tue, 19 Dec 2017 13:13:30 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40339) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMNu-0007cB-09 for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:12:59 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eRMNs-00056s-JD for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:12:57 -0500 Received: from mx1.redhat.com ([209.132.183.28]:34954) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eRMNs-000564-Ch for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:12:56 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 87D34356EF for ; Tue, 19 Dec 2017 18:12:55 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-46.ams2.redhat.com [10.36.112.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id A95765278A; Tue, 19 Dec 2017 18:12:52 +0000 (UTC) From: Maxime Coquelin To: qemu-devel@nongnu.org, stefanha@redhat.com, mst@redhat.com Date: Tue, 19 Dec 2017 19:11:27 +0100 Message-Id: <20171219181129.24189-2-maxime.coquelin@redhat.com> In-Reply-To: <20171219181129.24189-1-maxime.coquelin@redhat.com> References: <20171219181129.24189-1-maxime.coquelin@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 19 Dec 2017 18:12:55 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 1/3] vhost-user: rename VhostUserMemory userspace_addr field to user_addr X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Coquelin , mlureau@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The Vhost-user specification does not specify the user address should be a valid address within master process address space. Let's name it user_addr to comply with the specification. Cc: Stefan Hajnoczi Cc: Michael S. Tsirkin Signed-off-by: Maxime Coquelin --- hw/virtio/vhost-user.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 093675ed98..43b342a65b 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -77,7 +77,7 @@ typedef enum VhostUserSlaveRequest { typedef struct VhostUserMemoryRegion { uint64_t guest_phys_addr; uint64_t memory_size; - uint64_t userspace_addr; + uint64_t user_addr; uint64_t mmap_offset; } VhostUserMemoryRegion; @@ -317,7 +317,7 @@ static int vhost_user_set_mem_table(struct vhost_dev *dev, &offset); fd = memory_region_get_fd(mr); if (fd > 0) { - msg.payload.memory.regions[fd_num].userspace_addr = reg->userspace_addr; + msg.payload.memory.regions[fd_num].user_addr = reg->userspace_addr; msg.payload.memory.regions[fd_num].memory_size = reg->memory_size; msg.payload.memory.regions[fd_num].guest_phys_addr = reg->guest_phys_addr; msg.payload.memory.regions[fd_num].mmap_offset = offset; From patchwork Tue Dec 19 18:11:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 850993 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3z1R0S4Kb8z9t2f for ; Wed, 20 Dec 2017 05:15:36 +1100 (AEDT) Received: from localhost ([::1]:58186 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMQQ-00010t-J6 for incoming@patchwork.ozlabs.org; Tue, 19 Dec 2017 13:15:34 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40427) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMNy-0007ee-9r for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eRMNx-0005BY-1g for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:02 -0500 Received: from mx1.redhat.com ([209.132.183.28]:27617) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eRMNw-0005AW-Q3 for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:00 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0A5807E427 for ; Tue, 19 Dec 2017 18:13:00 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-46.ams2.redhat.com [10.36.112.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0295E1B480; Tue, 19 Dec 2017 18:12:55 +0000 (UTC) From: Maxime Coquelin To: qemu-devel@nongnu.org, stefanha@redhat.com, mst@redhat.com Date: Tue, 19 Dec 2017 19:11:28 +0100 Message-Id: <20171219181129.24189-3-maxime.coquelin@redhat.com> In-Reply-To: <20171219181129.24189-1-maxime.coquelin@redhat.com> References: <20171219181129.24189-1-maxime.coquelin@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Tue, 19 Dec 2017 18:13:00 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 2/3] vhost: introduce backend's user address type X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Coquelin , mlureau@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" User backends don't need to know about QEMU virtual addresses. It is possible to use guest physical addresses as user addresses without user backends changes. This patch introduces a new enum in VhostOps to specify whether the backend expects the user addresses to be host virtual or guest physical. This patch makes possible for the backend driver to select whether it wants to use host virtual or guest physical addresses as user addresses. No behavioral changes in this patch for the backensds, as both backend types still use host virtual addresses. Cc: Stefan Hajnoczi Cc: Michael S. Tsirkin Signed-off-by: Maxime Coquelin --- hw/virtio/vhost-backend.c | 1 + hw/virtio/vhost-user.c | 1 + hw/virtio/vhost.c | 16 ++++++++++++---- include/hw/virtio/vhost-backend.h | 6 ++++++ 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c index 7f09efab8b..dc53f91d59 100644 --- a/hw/virtio/vhost-backend.c +++ b/hw/virtio/vhost-backend.c @@ -235,6 +235,7 @@ static void vhost_kernel_set_iotlb_callback(struct vhost_dev *dev, static const VhostOps kernel_ops = { .backend_type = VHOST_BACKEND_TYPE_KERNEL, + .uaddr_type = VHOST_UADDR_TYPE_HVA, .vhost_backend_init = vhost_kernel_init, .vhost_backend_cleanup = vhost_kernel_cleanup, .vhost_backend_memslots_limit = vhost_kernel_memslots_limit, diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 43b342a65b..5ebeb8401b 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -924,6 +924,7 @@ static void vhost_user_set_iotlb_callback(struct vhost_dev *dev, int enabled) const VhostOps user_ops = { .backend_type = VHOST_BACKEND_TYPE_USER, + .uaddr_type = VHOST_UADDR_TYPE_HVA, .vhost_backend_init = vhost_user_init, .vhost_backend_cleanup = vhost_user_cleanup, .vhost_backend_memslots_limit = vhost_user_memslots_limit, diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index e4290ce93d..300e307284 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -433,7 +433,8 @@ static int vhost_dev_has_iommu(struct vhost_dev *dev) static void *vhost_memory_map(struct vhost_dev *dev, hwaddr addr, hwaddr *plen, int is_write) { - if (!vhost_dev_has_iommu(dev)) { + if (dev->vhost_ops->uaddr_type == VHOST_UADDR_TYPE_HVA && + !vhost_dev_has_iommu(dev)) { return cpu_physical_memory_map(addr, plen, is_write); } else { return (void *)(uintptr_t)addr; @@ -444,7 +445,8 @@ static void vhost_memory_unmap(struct vhost_dev *dev, void *buffer, hwaddr len, int is_write, hwaddr access_len) { - if (!vhost_dev_has_iommu(dev)) { + if (dev->vhost_ops->uaddr_type == VHOST_UADDR_TYPE_HVA && + !vhost_dev_has_iommu(dev)) { cpu_physical_memory_unmap(buffer, len, is_write, access_len); } } @@ -975,7 +977,7 @@ static int vhost_memory_region_lookup(struct vhost_dev *hdev, int vhost_device_iotlb_miss(struct vhost_dev *dev, uint64_t iova, int write) { IOMMUTLBEntry iotlb; - uint64_t uaddr, len; + uint64_t userspace_addr, uaddr, len; int ret = -EFAULT; rcu_read_lock(); @@ -984,7 +986,7 @@ int vhost_device_iotlb_miss(struct vhost_dev *dev, uint64_t iova, int write) iova, write); if (iotlb.target_as != NULL) { ret = vhost_memory_region_lookup(dev, iotlb.translated_addr, - &uaddr, &len); + &userspace_addr, &len); if (ret) { error_report("Fail to lookup the translated address " "%"PRIx64, iotlb.translated_addr); @@ -994,6 +996,12 @@ int vhost_device_iotlb_miss(struct vhost_dev *dev, uint64_t iova, int write) len = MIN(iotlb.addr_mask + 1, len); iova = iova & ~iotlb.addr_mask; + if (dev->vhost_ops->uaddr_type == VHOST_UADDR_TYPE_GPA) { + uaddr = iotlb.translated_addr; + } else { + uaddr = userspace_addr; + } + ret = vhost_backend_update_device_iotlb(dev, iova, uaddr, len, iotlb.perm); if (ret) { diff --git a/include/hw/virtio/vhost-backend.h b/include/hw/virtio/vhost-backend.h index a7a5f22bc6..51c1c08c7a 100644 --- a/include/hw/virtio/vhost-backend.h +++ b/include/hw/virtio/vhost-backend.h @@ -20,6 +20,11 @@ typedef enum VhostBackendType { VHOST_BACKEND_TYPE_MAX = 3, } VhostBackendType; +typedef enum VhostUaddrType { + VHOST_UADDR_TYPE_HVA = 0, + VHOST_UADDR_TYPE_GPA = 1, +} VhostUaddrType; + struct vhost_dev; struct vhost_log; struct vhost_memory; @@ -87,6 +92,7 @@ typedef int (*vhost_send_device_iotlb_msg_op)(struct vhost_dev *dev, typedef struct VhostOps { VhostBackendType backend_type; + VhostUaddrType uaddr_type; vhost_backend_init vhost_backend_init; vhost_backend_cleanup vhost_backend_cleanup; vhost_backend_memslots_limit vhost_backend_memslots_limit; From patchwork Tue Dec 19 18:11:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxime Coquelin X-Patchwork-Id: 850991 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3z1QyP6nfSz9s72 for ; Wed, 20 Dec 2017 05:13:49 +1100 (AEDT) Received: from localhost ([::1]:58142 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMOh-0007lz-WB for incoming@patchwork.ozlabs.org; Tue, 19 Dec 2017 13:13:48 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40477) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eRMO5-0007kA-KV for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eRMO0-0005F9-SR for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:09 -0500 Received: from mx1.redhat.com ([209.132.183.28]:51750) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eRMO0-0005EV-Lw for qemu-devel@nongnu.org; Tue, 19 Dec 2017 13:13:04 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E59665D5EB for ; Tue, 19 Dec 2017 18:13:03 +0000 (UTC) Received: from localhost.localdomain (ovpn-112-46.ams2.redhat.com [10.36.112.46]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5EEDE87940; Tue, 19 Dec 2017 18:13:00 +0000 (UTC) From: Maxime Coquelin To: qemu-devel@nongnu.org, stefanha@redhat.com, mst@redhat.com Date: Tue, 19 Dec 2017 19:11:29 +0100 Message-Id: <20171219181129.24189-4-maxime.coquelin@redhat.com> In-Reply-To: <20171219181129.24189-1-maxime.coquelin@redhat.com> References: <20171219181129.24189-1-maxime.coquelin@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 19 Dec 2017 18:13:03 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 3/3] vhost-user: no more leak QEMU virtual addresses to user backend X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Maxime Coquelin , mlureau@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" The user backends use user address from VHOST_USER_SET_MEM_TABLE to be able to handle VHOST_USER_SET_VRING_ADDR and VHOST_USER_IOTLB_MSG payloads. Now that Vhost code supports the use of Guest physical addresses instead of QEMU process virtual addresses, let's do the switch to avoid leaking QEMU process VAs to the user backend. Cc: Stefan Hajnoczi Cc: Michael S. Tsirkin Signed-off-by: Maxime Coquelin --- hw/virtio/vhost-user.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 5ebeb8401b..e783d88afe 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -317,7 +317,8 @@ static int vhost_user_set_mem_table(struct vhost_dev *dev, &offset); fd = memory_region_get_fd(mr); if (fd > 0) { - msg.payload.memory.regions[fd_num].user_addr = reg->userspace_addr; + /* Use GPA as user address not to leak QEMU VAs to the backend */ + msg.payload.memory.regions[fd_num].user_addr = reg->guest_phys_addr; msg.payload.memory.regions[fd_num].memory_size = reg->memory_size; msg.payload.memory.regions[fd_num].guest_phys_addr = reg->guest_phys_addr; msg.payload.memory.regions[fd_num].mmap_offset = offset; @@ -924,7 +925,7 @@ static void vhost_user_set_iotlb_callback(struct vhost_dev *dev, int enabled) const VhostOps user_ops = { .backend_type = VHOST_BACKEND_TYPE_USER, - .uaddr_type = VHOST_UADDR_TYPE_HVA, + .uaddr_type = VHOST_UADDR_TYPE_GPA, .vhost_backend_init = vhost_user_init, .vhost_backend_cleanup = vhost_user_cleanup, .vhost_backend_memslots_limit = vhost_user_memslots_limit,