The permission field of a TCE entry should exclude the physical base address. Otherwise, unmapping a TCE entry can be wrongly interpreted as mapping a TCE entry for VFIO devices.
Signed-off-by: Gavin Shan <gws...@linux.vnet.ibm.com>
---
 hw/misc/vfio.c | 2 +-
 hw/ppc/spapr_iommu.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index f9426ef..75ccceb 100644
--- hw/misc/vfio.c
+++ hw/misc/vfio.c
@@ -2316,7 +2316,7 @@ static void vfio_iommu_map_notify(Notifier *n, void *data)
 return;
 }
- if (iotlb->perm != IOMMU_NONE) {
+ if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
 vaddr = memory_region_get_ram_ptr(mr) + xlat;
 ret = vfio_dma_map(container, iotlb->iova,
diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index e603ac1..e223374 100644
--- hw/ppc/spapr_iommu.c
+++ hw/ppc/spapr_iommu.c
@@ -81,7 +81,7 @@ static IOMMUTLBEntry spapr_tce_translate_iommu(MemoryRegion *iommu, hwaddr addr)
 ret.iova = addr & page_mask;
 ret.translated_addr = tce & page_mask;
 ret.addr_mask = ~page_mask;
- ret.perm = tce;
+ ret.perm = tce & IOMMU_RW;
 }
 trace_spapr_iommu_xlate(tcet->liobn, addr, ret.iova, ret.perm, ret.addr_mask);
@@ -225,7 +225,7 @@ static target_ulong put_tce_emu(sPAPRTCETable *tcet, target_ulong ioba,
 entry.iova = ioba & page_mask;
 entry.translated_addr = tce & page_mask;
 entry.addr_mask = ~page_mask;
- entry.perm = tce;
+ entry.perm = tce & IOMMU_RW;
 memory_region_notify_iommu(&tcet->iommu, entry);
 return H_SUCCESS;
--
1.8.3.2
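Review bot: The masked test `(iotlb->perm & IOMMU_RW) != IOMMU_NONE` in vfio_iommu_map_notify is a consumer-side guard against an IOMMU model leaving non-permission bits in `perm`, but nothing at the site says why the mask is there. Per the commit description, the failure mode is an unmap request being handled as a map, so a passthrough device would keep a DMA mapping the guest asked to remove. I would add a comment above the `if`, such as `/* Only the IOMMU_RW bits of perm are permissions; stray bits must not turn an unmap into a map. */`. The vfio_dma_map call and the unmap branch continue outside the hunk, so it is worth confirming that any later use of `iotlb->perm` there also looks only at the permission bits.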
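Review bot: `ret.perm = tce & IOMMU_RW;` in spapr_tce_translate_iommu masks a guest-written TCE with the generic IOMMU_RW constant, which is only correct while the low permission bits of a TCE share their encoding with the IOMMU access flags. The same assumption is repeated at `entry.perm = tce & IOMMU_RW;` in put_tce_emu. The visible lines do not state that coupling, so I would add a short comment at both sites, e.g. `/* low TCE bits are the R/W permissions and match the IOMMU_RO/IOMMU_WO encoding */`. A small shared helper that extracts the permission from a TCE would also keep the two sites from drifting apart. Both functions start and end outside their hunks.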