From: Alex Williamson <alex@shazbot.org>
To: Jacob Pan <jacob.pan@linux.microsoft.com>
Cc: linux-kernel@vger.kernel.org,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
Jason Gunthorpe <jgg@nvidia.com>, Joerg Roedel <joro@8bytes.org>,
Mostafa Saleh <smostafa@google.com>,
David Matlack <dmatlack@google.com>,
Robin Murphy <robin.murphy@arm.com>,
Nicolin Chen <nicolinc@nvidia.com>,
"Tian, Kevin" <kevin.tian@intel.com>, Yi Liu <yi.l.liu@intel.com>,
skhawaja@google.com, pasha.tatashin@soleen.com,
Will Deacon <will@kernel.org>,
Baolu Lu <baolu.lu@linux.intel.com>,
alex@shazbot.org
Subject: Re: [PATCH V4 07/10] vfio: Enable cdev noiommu mode under iommufd
Date: Thu, 16 Apr 2026 14:49:15 -0600 [thread overview]
Message-ID: <20260416144915.4fe38481@shazbot.org> (raw)
In-Reply-To: <20260414211412.2729-8-jacob.pan@linux.microsoft.com>
On Tue, 14 Apr 2026 14:14:09 -0700
Jacob Pan <jacob.pan@linux.microsoft.com> wrote:
> Now that devices under noiommu mode can bind with IOMMUFD and perform
> IOAS operations, lift restrictions on cdev from VFIO side.
>
> No IOMMU cdevs are explicitly named with noiommu prefix. e.g.
>
> /dev/vfio/
> |-- 7
> |-- devices
> | `-- noiommu-vfio0
> `-- vfio
The group interface already does this, so the "7" is not
representative. In fact, since the no-iommu groups are created as
device are bound, chances are they'd be in sync for a single device, so
this would be 'noiommu-0'. NB. it's correctly represented in the
subsequent patches.
>
> Signed-off-by: Jacob Pan <jacob.pan@linux.microsoft.com>
>
> ---
> v4:
> - Move vfio_device_has_group() related out to 5/10
> - Keep wait loop in vfio_unregister_group_dev (Jason)
> v3:
> - Add explict dependency on !GENERIC_ATOMIC64
> v2:
> - Fix build dependency on IOMMU_SUPPORT
> ---
> drivers/vfio/Kconfig | 8 ++++++--
> drivers/vfio/iommufd.c | 7 -------
> drivers/vfio/vfio.h | 8 +-------
> drivers/vfio/vfio_main.c | 20 ++++++--------------
> 4 files changed, 13 insertions(+), 30 deletions(-)
>
> diff --git a/drivers/vfio/Kconfig b/drivers/vfio/Kconfig
> index ceae52fd7586..c013255bf7f1 100644
> --- a/drivers/vfio/Kconfig
> +++ b/drivers/vfio/Kconfig
> @@ -22,8 +22,7 @@ config VFIO_DEVICE_CDEV
> The VFIO device cdev is another way for userspace to get device
> access. Userspace gets device fd by opening device cdev under
> /dev/vfio/devices/vfioX, and then bind the device fd with an iommufd
> - to set up secure DMA context for device access. This interface does
> - not support noiommu.
> + to set up secure DMA context for device access.
>
> If you don't know what to do here, say N.
>
> @@ -63,6 +62,11 @@ endif
> config VFIO_NOIOMMU
> bool "VFIO No-IOMMU support"
> depends on VFIO_GROUP
> + depends on !GENERIC_ATOMIC64 # IOMMU_PT_AMDV1 requires cmpxchg64
> + select GENERIC_PT
> + select IOMMU_PT
> + select IOMMU_PT_AMDV1
> + depends on IOMMU_SUPPORT
Cosmetic nit, group the depends together.
Noting my previous concern about why we keep group support for
non-container builds, what about making VFIO_GROUP_NOIOMMU and
VFIO_CDEV_NOIOMMU?
Also, vfio no-iommu is traditionally gated on CAP_SYS_RAWIO, but those
tests are all in the vfio group code and not replicated here for cdev,
afaict. That would relax the usage requirements quite significantly.
Thanks,
Alex
> help
> VFIO is built on the ability to isolate devices using the IOMMU.
> Only with an IOMMU can userspace access to DMA capable devices be
> diff --git a/drivers/vfio/iommufd.c b/drivers/vfio/iommufd.c
> index a38d262c6028..26c9c3068c77 100644
> --- a/drivers/vfio/iommufd.c
> +++ b/drivers/vfio/iommufd.c
> @@ -25,10 +25,6 @@ int vfio_df_iommufd_bind(struct vfio_device_file *df)
>
> lockdep_assert_held(&vdev->dev_set->lock);
>
> - /* Returns 0 to permit device opening under noiommu mode */
> - if (vfio_device_is_noiommu(vdev))
> - return 0;
> -
> return vdev->ops->bind_iommufd(vdev, ictx, &df->devid);
> }
>
> @@ -58,9 +54,6 @@ void vfio_df_iommufd_unbind(struct vfio_device_file *df)
>
> lockdep_assert_held(&vdev->dev_set->lock);
>
> - if (vfio_device_is_noiommu(vdev))
> - return;
> -
> if (vdev->ops->unbind_iommufd)
> vdev->ops->unbind_iommufd(vdev);
> }
> diff --git a/drivers/vfio/vfio.h b/drivers/vfio/vfio.h
> index 9e25605da564..ad9e09f6d095 100644
> --- a/drivers/vfio/vfio.h
> +++ b/drivers/vfio/vfio.h
> @@ -376,19 +376,13 @@ void vfio_init_device_cdev(struct vfio_device *device);
>
> static inline int vfio_device_add(struct vfio_device *device)
> {
> - /* cdev does not support noiommu device */
> - if (vfio_device_is_noiommu(device))
> - return device_add(&device->device);
> vfio_init_device_cdev(device);
> return cdev_device_add(&device->cdev, &device->device);
> }
>
> static inline void vfio_device_del(struct vfio_device *device)
> {
> - if (vfio_device_is_noiommu(device))
> - device_del(&device->device);
> - else
> - cdev_device_del(&device->cdev, &device->device);
> + cdev_device_del(&device->cdev, &device->device);
> }
>
> int vfio_device_fops_cdev_open(struct inode *inode, struct file *filep);
> diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c
> index 5d7c2d014689..3ae3d34c21cc 100644
> --- a/drivers/vfio/vfio_main.c
> +++ b/drivers/vfio/vfio_main.c
> @@ -332,13 +332,15 @@ static int __vfio_register_dev(struct vfio_device *device,
> if (!device->dev_set)
> vfio_assign_device_set(device, device);
>
> - ret = dev_set_name(&device->device, "vfio%d", device->index);
> + ret = vfio_device_set_group(device, type);
> if (ret)
> return ret;
>
> - ret = vfio_device_set_group(device, type);
> + /* Just to be safe, expose to user explicitly noiommu cdev node */
> + ret = dev_set_name(&device->device, "%svfio%d",
> + device->noiommu ? "noiommu-" : "", device->index);
> if (ret)
> - return ret;
> + goto err_out;
>
> /*
> * VFIO always sets IOMMU_CACHE because we offer no way for userspace to
> @@ -359,7 +361,7 @@ static int __vfio_register_dev(struct vfio_device *device,
> refcount_set(&device->refcount, 1);
>
> /* noiommu device w/o container may have NULL group */
> - if (!vfio_device_has_group(device))
> + if (vfio_device_is_noiommu(device) && !vfio_device_has_group(device))
> return 0;
>
> vfio_device_group_register(device);
> @@ -396,16 +398,6 @@ void vfio_unregister_group_dev(struct vfio_device *device)
> bool interrupted = false;
> long rc;
>
> - /*
> - * For noiommu devices without a container, thus no dummy group,
> - * simply delete and unregister to balance refcount.
> - */
> - if (!vfio_device_has_group(device)) {
> - vfio_device_del(device);
> - vfio_device_put_registration(device);
> - return;
> - }
> -
> /*
> * Prevent new device opened by userspace via the
> * VFIO_GROUP_GET_DEVICE_FD in the group path.
next prev parent reply other threads:[~2026-04-16 20:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-14 21:14 [PATCH V4 00/10] iommufd: Enable noiommu mode for cdev Jacob Pan
2026-04-14 21:14 ` [PATCH V4 01/10] iommufd: Support a HWPT without an iommu driver for noiommu Jacob Pan
2026-04-16 7:25 ` Tian, Kevin
2026-04-17 21:59 ` Jacob Pan
2026-04-14 21:14 ` [PATCH V4 02/10] iommufd: Move igroup allocation to a function Jacob Pan
2026-04-16 7:48 ` Tian, Kevin
2026-04-14 21:14 ` [PATCH V4 03/10] iommufd: Allow binding to a noiommu device Jacob Pan
2026-04-16 7:56 ` Tian, Kevin
2026-04-14 21:14 ` [PATCH V4 04/10] iommufd: Add an ioctl IOMMU_IOAS_GET_PA to query PA from IOVA Jacob Pan
2026-04-16 8:02 ` Tian, Kevin
2026-04-16 19:32 ` Alex Williamson
2026-04-14 21:14 ` [PATCH V4 05/10] vfio: Allow null group for noiommu without containers Jacob Pan
2026-04-16 8:13 ` Tian, Kevin
2026-04-16 21:33 ` Jacob Pan
2026-04-16 20:06 ` Alex Williamson
2026-04-17 17:06 ` Jacob Pan
2026-04-17 23:04 ` Alex Williamson
2026-04-14 21:14 ` [PATCH V4 06/10] vfio: Introduce and set noiommu flag on vfio_device Jacob Pan
2026-04-14 21:14 ` [PATCH V4 07/10] vfio: Enable cdev noiommu mode under iommufd Jacob Pan
2026-04-16 20:49 ` Alex Williamson [this message]
2026-04-14 21:14 ` [PATCH V4 08/10] vfio:selftest: Handle VFIO noiommu cdev Jacob Pan
2026-04-14 21:14 ` [PATCH V4 09/10] selftests/vfio: Add iommufd noiommu mode selftest for cdev Jacob Pan
2026-04-14 21:14 ` [PATCH V4 10/10] Documentation: Update VFIO NOIOMMU mode Jacob Pan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260416144915.4fe38481@shazbot.org \
--to=alex@shazbot.org \
--cc=baolu.lu@linux.intel.com \
--cc=dmatlack@google.com \
--cc=iommu@lists.linux.dev \
--cc=jacob.pan@linux.microsoft.com \
--cc=jgg@nvidia.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=nicolinc@nvidia.com \
--cc=pasha.tatashin@soleen.com \
--cc=robin.murphy@arm.com \
--cc=skhawaja@google.com \
--cc=smostafa@google.com \
--cc=will@kernel.org \
--cc=yi.l.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox