[PATCH V2] vfio: platform: support No-IOMMU mode

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH V2] vfio: platform: support No-IOMMU mode
@ 2016-05-23  8:14 Peng Fan
  2016-05-23  8:59 ` Eric Auger
  0 siblings, 1 reply; 3+ messages in thread
From: Peng Fan @ 2016-05-23  8:14 UTC (permalink / raw)
  To: alex.williamson, b.reynal, eric.auger; +Cc: kvm, linux-kernel, Peng Fan

The vfio No-IOMMU mode was supported by this
'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
but it only support vfio-pci.

Using vfio_iommu_group_get/put, but not iommu_group_get/put,
the platform devices can be exposed to userspace with
CONFIG_VFIO_NOIOMMU and the "enable_unsafe_noiommu_mode"
option enabled.

>From 'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
"This should make it very clear that this mode is not safe.
Additionally, CAP_SYS_RAWIO privileges are necessary to work
with groups and containers using this mode.  Groups making
use of this support are named /dev/vfio/noiommu-$GROUP and
can only make use of the special VFIO_NOIOMMU_IOMMU for the
container.  Use of this mode, specifically binding a device
without a native IOMMU group to a VFIO bus driver will taint
the kernel and should therefore not be considered supported.",

Actually, for vfio-platform No-IOMMU mode, the userspace can
not do DMA, because the ioctl API of noiommu container only
supports VFIO_CHECK_EXTENSION and VFIO_IOMMU_MAP_DMA is not
supported.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Cc: Eric Auger <eric.auger@linaro.org>
Cc: Baptiste Reynal <b.reynal@virtualopensystems.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
---

V2:
 Rename subject to support No-IOMMU
 Add more commit log.

 I wrote a simple program following this
 https://github.com/virtualopensystems/vfio-host-test/blob/master/src_test/vfio_device_test.c
 ,no dma support. The device's register can be
 accessed in userspace using command './vfio_dev_test 30b60000.usdhc 0 1 platform'

 drivers/vfio/platform/vfio_platform_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
index e65b142..993b2f9 100644
--- a/drivers/vfio/platform/vfio_platform_common.c
+++ b/drivers/vfio/platform/vfio_platform_common.c
@@ -561,7 +561,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
 
 	vdev->device = dev;
 
-	group = iommu_group_get(dev);
+	group = vfio_iommu_group_get(dev);
 	if (!group) {
 		pr_err("VFIO: No IOMMU group for device %s\n", vdev->name);
 		return -EINVAL;
@@ -569,7 +569,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
 
 	ret = vfio_add_group_dev(dev, &vfio_platform_ops, vdev);
 	if (ret) {
-		iommu_group_put(group);
+		vfio_iommu_group_put(group, dev);
 		return ret;
 	}
 
@@ -589,7 +589,7 @@ struct vfio_platform_device *vfio_platform_remove_common(struct device *dev)
 
 	if (vdev) {
 		vfio_platform_put_reset(vdev);
-		iommu_group_put(dev->iommu_group);
+		vfio_iommu_group_put(dev->iommu_group, dev);
 	}
 
 	return vdev;
-- 
2.6.2

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH V2] vfio: platform: support No-IOMMU mode
  2016-05-23  8:14 [PATCH V2] vfio: platform: support No-IOMMU mode Peng Fan
@ 2016-05-23  8:59 ` Eric Auger
  2016-05-23  9:23   ` Peng Fan
  0 siblings, 1 reply; 3+ messages in thread
From: Eric Auger @ 2016-05-23  8:59 UTC (permalink / raw)
  To: Peng Fan, alex.williamson, b.reynal; +Cc: kvm, linux-kernel

Hi Peng,
On 05/23/2016 10:14 AM, Peng Fan wrote:
> The vfio No-IOMMU mode was supported by this
> 'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
> but it only support vfio-pci.
> 
> Using vfio_iommu_group_get/put, but not iommu_group_get/put,
> the platform devices can be exposed to userspace with
> CONFIG_VFIO_NOIOMMU and the "enable_unsafe_noiommu_mode"
> option enabled.
> 
> From 'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
> "This should make it very clear that this mode is not safe.
> Additionally, CAP_SYS_RAWIO privileges are necessary to work
> with groups and containers using this mode.  Groups making
> use of this support are named /dev/vfio/noiommu-$GROUP and
> can only make use of the special VFIO_NOIOMMU_IOMMU for the
> container.  Use of this mode, specifically binding a device
> without a native IOMMU group to a VFIO bus driver will taint
> the kernel and should therefore not be considered supported.",
> 
> Actually, for vfio-platform No-IOMMU mode, the userspace can
> not do DMA, because the ioctl API of noiommu container only
> supports VFIO_CHECK_EXTENSION and VFIO_IOMMU_MAP_DMA is not
> supported.
I did not play with no-iommu mode yet but I am surprised by this last
sentence. Without IOMMU the VFIO_IOMMU_MAP_DMA ioctl is not relevant
since you do not need to and cannot map anything but does this really
mean the device cannot perform DMA transfers towards physical memory, if
programmed to do so; I don't think so?

Best Regards

Eric
> 
> Signed-off-by: Peng Fan <van.freenix@gmail.com>
> Cc: Eric Auger <eric.auger@linaro.org>
> Cc: Baptiste Reynal <b.reynal@virtualopensystems.com>
> Cc: Alex Williamson <alex.williamson@redhat.com>
> ---
> 
> V2:
>  Rename subject to support No-IOMMU
>  Add more commit log.
> 
>  I wrote a simple program following this
>  https://github.com/virtualopensystems/vfio-host-test/blob/master/src_test/vfio_device_test.c
>  ,no dma support. The device's register can be
>  accessed in userspace using command './vfio_dev_test 30b60000.usdhc 0 1 platform'
> 
>  drivers/vfio/platform/vfio_platform_common.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
> index e65b142..993b2f9 100644
> --- a/drivers/vfio/platform/vfio_platform_common.c
> +++ b/drivers/vfio/platform/vfio_platform_common.c
> @@ -561,7 +561,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
>  
>  	vdev->device = dev;
>  
> -	group = iommu_group_get(dev);
> +	group = vfio_iommu_group_get(dev);
>  	if (!group) {
>  		pr_err("VFIO: No IOMMU group for device %s\n", vdev->name);
>  		return -EINVAL;
> @@ -569,7 +569,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
>  
>  	ret = vfio_add_group_dev(dev, &vfio_platform_ops, vdev);
>  	if (ret) {
> -		iommu_group_put(group);
> +		vfio_iommu_group_put(group, dev);
>  		return ret;
>  	}
>  
> @@ -589,7 +589,7 @@ struct vfio_platform_device *vfio_platform_remove_common(struct device *dev)
>  
>  	if (vdev) {
>  		vfio_platform_put_reset(vdev);
> -		iommu_group_put(dev->iommu_group);
> +		vfio_iommu_group_put(dev->iommu_group, dev);
>  	}
>  
>  	return vdev;
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH V2] vfio: platform: support No-IOMMU mode
  2016-05-23  8:59 ` Eric Auger
@ 2016-05-23  9:23   ` Peng Fan
  0 siblings, 0 replies; 3+ messages in thread
From: Peng Fan @ 2016-05-23  9:23 UTC (permalink / raw)
  To: Eric Auger; +Cc: alex.williamson, b.reynal, kvm, linux-kernel

Hi Eric,

On Mon, May 23, 2016 at 10:59:24AM +0200, Eric Auger wrote:
>Hi Peng,
>On 05/23/2016 10:14 AM, Peng Fan wrote:
>> The vfio No-IOMMU mode was supported by this
>> 'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
>> but it only support vfio-pci.
>> 
>> Using vfio_iommu_group_get/put, but not iommu_group_get/put,
>> the platform devices can be exposed to userspace with
>> CONFIG_VFIO_NOIOMMU and the "enable_unsafe_noiommu_mode"
>> option enabled.
>> 
>> From 'commit 03a76b60f8ba2797 ("vfio: Include No-IOMMU mode")',
>> "This should make it very clear that this mode is not safe.
>> Additionally, CAP_SYS_RAWIO privileges are necessary to work
>> with groups and containers using this mode.  Groups making
>> use of this support are named /dev/vfio/noiommu-$GROUP and
>> can only make use of the special VFIO_NOIOMMU_IOMMU for the
>> container.  Use of this mode, specifically binding a device
>> without a native IOMMU group to a VFIO bus driver will taint
>> the kernel and should therefore not be considered supported.",
>> 
>> Actually, for vfio-platform No-IOMMU mode, the userspace can
>> not do DMA, because the ioctl API of noiommu container only
>> supports VFIO_CHECK_EXTENSION and VFIO_IOMMU_MAP_DMA is not
>> supported.
>I did not play with no-iommu mode yet but I am surprised by this last
>sentence. Without IOMMU the VFIO_IOMMU_MAP_DMA ioctl is not relevant
>since you do not need to and cannot map anything but does this really
>mean the device cannot perform DMA transfers towards physical memory, if
>programmed to do so; I don't think so?

Sorry. My commit log maybe misleading, I mean we can not use mmap + VFIO_IOMMU_MAP_DMA
for noiommu.

The platform device can still do DMA, if we program the DMA address for the device correctly,
such as a reserved memory region.

I can discard the last sentence of the commit log in V3.

Thanks,
Peng.
>
>Best Regards
>
>Eric
>> 
>> Signed-off-by: Peng Fan <van.freenix@gmail.com>
>> Cc: Eric Auger <eric.auger@linaro.org>
>> Cc: Baptiste Reynal <b.reynal@virtualopensystems.com>
>> Cc: Alex Williamson <alex.williamson@redhat.com>
>> ---
>> 
>> V2:
>>  Rename subject to support No-IOMMU
>>  Add more commit log.
>> 
>>  I wrote a simple program following this
>>  https://github.com/virtualopensystems/vfio-host-test/blob/master/src_test/vfio_device_test.c
>>  ,no dma support. The device's register can be
>>  accessed in userspace using command './vfio_dev_test 30b60000.usdhc 0 1 platform'
>> 
>>  drivers/vfio/platform/vfio_platform_common.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>> 
>> diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
>> index e65b142..993b2f9 100644
>> --- a/drivers/vfio/platform/vfio_platform_common.c
>> +++ b/drivers/vfio/platform/vfio_platform_common.c
>> @@ -561,7 +561,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
>>  
>>  	vdev->device = dev;
>>  
>> -	group = iommu_group_get(dev);
>> +	group = vfio_iommu_group_get(dev);
>>  	if (!group) {
>>  		pr_err("VFIO: No IOMMU group for device %s\n", vdev->name);
>>  		return -EINVAL;
>> @@ -569,7 +569,7 @@ int vfio_platform_probe_common(struct vfio_platform_device *vdev,
>>  
>>  	ret = vfio_add_group_dev(dev, &vfio_platform_ops, vdev);
>>  	if (ret) {
>> -		iommu_group_put(group);
>> +		vfio_iommu_group_put(group, dev);
>>  		return ret;
>>  	}
>>  
>> @@ -589,7 +589,7 @@ struct vfio_platform_device *vfio_platform_remove_common(struct device *dev)
>>  
>>  	if (vdev) {
>>  		vfio_platform_put_reset(vdev);
>> -		iommu_group_put(dev->iommu_group);
>> +		vfio_iommu_group_put(dev->iommu_group, dev);
>>  	}
>>  
>>  	return vdev;
>> 
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-05-23  9:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-23  8:14 [PATCH V2] vfio: platform: support No-IOMMU mode Peng Fan
2016-05-23  8:59 ` Eric Auger
2016-05-23  9:23   ` Peng Fan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox