From: Leon Romanovsky <leon@kernel.org>
To: "Bjorn Helgaas" <bhelgaas@google.com>,
"Logan Gunthorpe" <logang@deltatee.com>,
"Jens Axboe" <axboe@kernel.dk>,
"Robin Murphy" <robin.murphy@arm.com>,
"Joerg Roedel" <joro@8bytes.org>, "Will Deacon" <will@kernel.org>,
"Marek Szyprowski" <m.szyprowski@samsung.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Leon Romanovsky" <leon@kernel.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Christian König" <christian.koenig@amd.com>,
"Kees Cook" <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Ankit Agrawal" <ankita@nvidia.com>,
"Yishai Hadas" <yishaih@nvidia.com>,
"Shameer Kolothum" <skolothumtho@nvidia.com>,
"Kevin Tian" <kevin.tian@intel.com>,
"Alex Williamson" <alex@shazbot.org>
Cc: Krishnakant Jaju <kjaju@nvidia.com>, Matt Ochs <mochs@nvidia.com>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-block@vger.kernel.org, iommu@lists.linux.dev,
linux-mm@kvack.org, linux-doc@vger.kernel.org,
linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org,
linaro-mm-sig@lists.linaro.org, kvm@vger.kernel.org,
linux-hardening@vger.kernel.org, Alex Mastro <amastro@fb.com>,
Nicolin Chen <nicolinc@nvidia.com>
Subject: [PATCH v8 09/11] vfio/pci: Enable peer-to-peer DMA transactions by default
Date: Tue, 11 Nov 2025 11:57:51 +0200 [thread overview]
Message-ID: <20251111-dmabuf-vfio-v8-9-fd9aa5df478f@nvidia.com> (raw)
In-Reply-To: <20251111-dmabuf-vfio-v8-0-fd9aa5df478f@nvidia.com>
From: Leon Romanovsky <leonro@nvidia.com>
Make sure that all VFIO PCI devices have peer-to-peer capabilities
enables, so we would be able to export their MMIO memory through DMABUF,
VFIO has always supported P2P mappings with itself. VFIO type 1
insecurely reads PFNs directly out of a VMA's PTEs and programs them
into the IOMMU allowing any two VFIO devices to perform P2P to each
other.
All existing VMMs use this capability to export P2P into a VM where
the VM could setup any kind of DMA it likes. Projects like DPDK/SPDK
are also known to make use of this, though less frequently.
As a first step to more properly integrating VFIO with the P2P
subsystem unconditionally enable P2P support for VFIO PCI devices. The
struct p2pdma_provider will act has a handle to the P2P subsystem to
do things like DMA mapping.
While real PCI devices have to support P2P (they can't even tell if an
IOVA is P2P or not) there may be fake PCI devices that may trigger
some kind of catastrophic system failure. To date VFIO has never
tripped up on such a case, but if one is discovered the plan is to add
a PCI quirk and have pcim_p2pdma_init() fail. This will fully block
the broken device throughout any users of the P2P subsystem in the
kernel.
Thus P2P through DMABUF will follow the historical VFIO model and be
unconditionally enabled by vfio-pci.
Tested-by: Alex Mastro <amastro@fb.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
drivers/vfio/pci/vfio_pci_core.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c
index ca9a95716a85..142b84b3f225 100644
--- a/drivers/vfio/pci/vfio_pci_core.c
+++ b/drivers/vfio/pci/vfio_pci_core.c
@@ -28,6 +28,7 @@
#include <linux/nospec.h>
#include <linux/sched/mm.h>
#include <linux/iommufd.h>
+#include <linux/pci-p2pdma.h>
#if IS_ENABLED(CONFIG_EEH)
#include <asm/eeh.h>
#endif
@@ -2081,6 +2082,7 @@ int vfio_pci_core_init_dev(struct vfio_device *core_vdev)
{
struct vfio_pci_core_device *vdev =
container_of(core_vdev, struct vfio_pci_core_device, vdev);
+ int ret;
vdev->pdev = to_pci_dev(core_vdev->dev);
vdev->irq_type = VFIO_PCI_NUM_IRQS;
@@ -2090,6 +2092,9 @@ int vfio_pci_core_init_dev(struct vfio_device *core_vdev)
INIT_LIST_HEAD(&vdev->dummy_resources_list);
INIT_LIST_HEAD(&vdev->ioeventfds_list);
INIT_LIST_HEAD(&vdev->sriov_pfs_item);
+ ret = pcim_p2pdma_init(vdev->pdev);
+ if (ret && ret != -EOPNOTSUPP)
+ return ret;
init_rwsem(&vdev->memory_lock);
xa_init(&vdev->ctx);
--
2.51.1
next prev parent reply other threads:[~2025-11-11 9:58 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-11 9:57 [PATCH v8 00/11] vfio/pci: Allow MMIO regions to be exported through dma-buf Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 01/11] PCI/P2PDMA: Separate the mmap() support from the core logic Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 02/11] PCI/P2PDMA: Simplify bus address mapping API Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 03/11] PCI/P2PDMA: Refactor to separate core P2P functionality from memory allocation Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 04/11] PCI/P2PDMA: Provide an access to pci_p2pdma_map_type() function Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 05/11] PCI/P2PDMA: Document DMABUF model Leon Romanovsky
2025-11-19 9:18 ` Christian König
2025-11-19 13:13 ` Leon Romanovsky
2025-11-19 13:35 ` Jason Gunthorpe
2025-11-19 14:06 ` Christian König
2025-11-19 19:45 ` Jason Gunthorpe
2025-11-19 20:45 ` Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 06/11] dma-buf: provide phys_vec to scatter-gather mapping routine Leon Romanovsky
2025-11-18 23:02 ` Jason Gunthorpe
2025-11-19 0:06 ` Nicolin Chen
2025-11-19 13:32 ` Leon Romanovsky
2025-11-19 5:54 ` Tian, Kevin
2025-11-19 13:30 ` Leon Romanovsky
2025-11-19 13:37 ` Jason Gunthorpe
2025-11-19 13:45 ` Leon Romanovsky
2025-11-19 13:16 ` [Linaro-mm-sig] " Christian König
2025-11-19 13:25 ` Jason Gunthorpe
2025-11-19 13:42 ` Christian König
2025-11-19 13:48 ` Leon Romanovsky
2025-11-19 19:31 ` Jason Gunthorpe
2025-11-19 20:54 ` Leon Romanovsky
2025-11-20 7:08 ` Christian König
2025-11-20 7:41 ` Leon Romanovsky
2025-11-20 7:54 ` Christian König
2025-11-20 8:06 ` Leon Romanovsky
2025-11-20 8:32 ` Christian König
2025-11-20 8:42 ` Leon Romanovsky
2025-11-20 13:20 ` Jason Gunthorpe
2025-11-19 13:42 ` Leon Romanovsky
2025-11-19 14:11 ` Christian König
2025-11-19 14:50 ` Leon Romanovsky
2025-11-19 14:53 ` Christian König
2025-11-19 15:41 ` Leon Romanovsky
2025-11-19 16:33 ` Leon Romanovsky
2025-11-20 7:03 ` Christian König
2025-11-20 7:38 ` Leon Romanovsky
2025-11-19 19:36 ` Jason Gunthorpe
2025-11-11 9:57 ` [PATCH v8 07/11] vfio: Export vfio device get and put registration helpers Leon Romanovsky
2025-11-18 7:10 ` Tian, Kevin
2025-11-11 9:57 ` [PATCH v8 08/11] vfio/pci: Share the core device pointer while invoking feature functions Leon Romanovsky
2025-11-18 7:11 ` Tian, Kevin
2025-11-11 9:57 ` Leon Romanovsky [this message]
2025-11-18 7:18 ` [PATCH v8 09/11] vfio/pci: Enable peer-to-peer DMA transactions by default Tian, Kevin
2025-11-18 20:10 ` Alex Williamson
2025-11-19 0:01 ` Tian, Kevin
2025-11-18 20:18 ` Keith Busch
2025-11-19 0:02 ` Tian, Kevin
2025-11-19 13:54 ` Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 10/11] vfio/pci: Add dma-buf export support for MMIO regions Leon Romanovsky
2025-11-18 7:33 ` Tian, Kevin
2025-11-18 14:28 ` Jason Gunthorpe
2025-11-18 23:56 ` Tian, Kevin
2025-11-19 19:41 ` Jason Gunthorpe
2025-11-19 20:50 ` Leon Romanovsky
2025-11-11 9:57 ` [PATCH v8 11/11] vfio/nvgrace: Support get_dmabuf_phys Leon Romanovsky
2025-11-18 7:34 ` Tian, Kevin
2025-11-18 7:59 ` Ankit Agrawal
2025-11-18 14:30 ` Jason Gunthorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251111-dmabuf-vfio-v8-9-fd9aa5df478f@nvidia.com \
--to=leon@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alex@shazbot.org \
--cc=amastro@fb.com \
--cc=ankita@nvidia.com \
--cc=axboe@kernel.dk \
--cc=bhelgaas@google.com \
--cc=christian.koenig@amd.com \
--cc=corbet@lwn.net \
--cc=dri-devel@lists.freedesktop.org \
--cc=gustavoars@kernel.org \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=joro@8bytes.org \
--cc=kees@kernel.org \
--cc=kevin.tian@intel.com \
--cc=kjaju@nvidia.com \
--cc=kvm@vger.kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pci@vger.kernel.org \
--cc=logang@deltatee.com \
--cc=m.szyprowski@samsung.com \
--cc=mochs@nvidia.com \
--cc=nicolinc@nvidia.com \
--cc=robin.murphy@arm.com \
--cc=skolothumtho@nvidia.com \
--cc=sumit.semwal@linaro.org \
--cc=will@kernel.org \
--cc=yishaih@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).