From patchwork Mon Mar  2 16:58:24 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Baptiste Reynal <b.reynal@virtualopensystems.com>
X-Patchwork-Id: 5915861
Return-Path: <kvm-owner@kernel.org>
X-Original-To: patchwork-kvm@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 2AF529F380
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon,  2 Mar 2015 17:11:36 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 58427201EC
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon,  2 Mar 2015 17:11:35 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 7493E201FA
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon,  2 Mar 2015 17:11:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755707AbbCBQ7Y (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Mon, 2 Mar 2015 11:59:24 -0500
Received: from mail-we0-f170.google.com ([74.125.82.170]:41542 "EHLO
	mail-we0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1755674AbbCBQ7U (ORCPT <rfc822; kvm@vger.kernel.org>);
	Mon, 2 Mar 2015 11:59:20 -0500
Received: by wevm14 with SMTP id m14so34599199wev.8
	for <kvm@vger.kernel.org>; Mon, 02 Mar 2015 08:59:19 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=N9WDWdJcXN0Rr0V5hAimqaaBoYpRYQg60O5TcWkp/7Y=;
	b=G7DMfisFqVhThXnhguG89JvnDW9zzuERjkjuc90aovcXJfP1dmPc7Fh0YMk5nEbnLr
	R3CjY8FCxnQPOifGOqFrurKa5I/88LitgCBUnpXkRAV9KpS+CTz4Am4l2oZEjS2XOtEw
	1ffRxJ+0eTjQJ27OHrll7bmcBxuIPAk/U85EigcPFhIXPVyqnKJnRL7HhD0eedPKsmGi
	krtycVOGQ1gVVnQiKF5hWVlQpVbfyEG66O00OuvFQFntHqU8My8uO1U5xS9qTk46hJcD
	cZyRBc2NM+q05329kxFbfeFaA6VedLUztO9hmgjclPuiATFAQnP2NTOPRNgZBhhr1WMY
	DTEw==
X-Gm-Message-State: 
 ALoCoQlSaofRmGxsBbZsR5byczEHkTKoTTds1Gz2w9BnkyMo4lgZ3sGBZCovls6dpv33cPawuIMi
X-Received: by 10.194.108.162 with SMTP id hl2mr59136162wjb.81.1425315559480;
	Mon, 02 Mar 2015 08:59:19 -0800 (PST)
Received: from localhost (LPuteaux-656-1-278-113.w80-15.abo.wanadoo.fr.
	[80.15.154.113]) by mx.google.com with ESMTPSA id
	bf8sm20016755wjb.37.2015.03.02.08.59.18
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 02 Mar 2015 08:59:18 -0800 (PST)
From: Baptiste Reynal <b.reynal@virtualopensystems.com>
To: iommu@lists.linux-foundation.org, kvmarm@lists.cs.columbia.edu
Cc: tech@virtualopensystems.com,
	Antonios Motakis <a.motakis@virtualopensystems.com>,
	Baptiste Reynal <b.reynal@virtualopensystems.com>,
	Alex Williamson <alex.williamson@redhat.com>,
	kvm@vger.kernel.org (open list:VFIO DRIVER),
	linux-api@vger.kernel.org (open list:ABI/API),
	linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v4 2/5] vfio: introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag
Date: Mon,  2 Mar 2015 17:58:24 +0100
Message-Id: 
 <1425315507-29661-3-git-send-email-b.reynal@virtualopensystems.com>
X-Mailer: git-send-email 2.3.1
In-Reply-To: 
 <1425315507-29661-1-git-send-email-b.reynal@virtualopensystems.com>
References: 
 <1425315507-29661-1-git-send-email-b.reynal@virtualopensystems.com>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Antonios Motakis <a.motakis@virtualopensystems.com>

We introduce the VFIO_DMA_MAP_FLAG_NOEXEC flag to the VFIO dma map call,
and expose its availability via the capability VFIO_DMA_NOEXEC_IOMMU.
This way the user can control whether the XN flag will be set on the
requested mappings. The IOMMU_NOEXEC flag needs to be available for all
the IOMMUs of the container used.

Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com>
Signed-off-by: Baptiste Reynal <b.reynal@virtualopensystems.com>
---
 include/uapi/linux/vfio.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h
index 5fb3d46..30801a7 100644
--- a/include/uapi/linux/vfio.h
+++ b/include/uapi/linux/vfio.h
@@ -31,6 +31,7 @@ enum vfio_iommu_cap {
 					   (ex. PCIe NoSnoop stripping) */
 	VFIO_EEH = 5,			/* Check if EEH is supported */
 	VFIO_TYPE1_NESTING_IOMMU = 6,	/* Two-stage IOMMU, implies v2  */
+	VFIO_DMA_NOEXEC_IOMMU = 7,
 };
 
 
@@ -397,12 +398,17 @@ struct vfio_iommu_type1_info {
  *
  * Map process virtual addresses to IO virtual addresses using the
  * provided struct vfio_dma_map. Caller sets argsz. READ &/ WRITE required.
+ *
+ * To use the VFIO_DMA_MAP_FLAG_NOEXEC flag, the container must support the
+ * VFIO_DMA_NOEXEC_IOMMU capability. If mappings are created using this flag,
+ * any groups subsequently added to the container must support this capability.
  */
 struct vfio_iommu_type1_dma_map {
 	__u32	argsz;
 	__u32	flags;
 #define VFIO_DMA_MAP_FLAG_READ (1 << 0)		/* readable from device */
 #define VFIO_DMA_MAP_FLAG_WRITE (1 << 1)	/* writable from device */
+#define VFIO_DMA_MAP_FLAG_NOEXEC (1 << 2)	/* not executable from device */
 	__u64	vaddr;				/* Process virtual address */
 	__u64	iova;				/* IO virtual address */
 	__u64	size;				/* Size of mapping (bytes) */