Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2111221imm; Fri, 7 Sep 2018 10:57:51 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdb62Cki6NMXb710SHfVp18Hrhemb0MhPcDC4ikrfJF+QOufyLShlkaQHQ8oxmsrakqdClgL X-Received: by 2002:a62:25c5:: with SMTP id l188-v6mr9672435pfl.179.1536343071175; Fri, 07 Sep 2018 10:57:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536343071; cv=none; d=google.com; s=arc-20160816; b=YlKPIfCoKrK1Vmu4SHTBvSe2gV4VWN0q7OZ4wl9ZyozsmoPAfJYD8HcHa+tzDQLqdC 59dyk4iZlSH7mMgtfU8bdCFVDBmGRwY1ltqjRR+M3zGQ0Nr/K7Icxt14GIX/ocIztIwW R80L7XhUvv+5JJz+CBoCgnnOhuvhGiRzqLrEAl2zW6JdRuHzHM3SaYBiLSXxedt2csVe UqQHxE4T50+o0a61r5rYfDnMqflo0bELZCkc6LX947DREr6JRAOuZ7IWDoeE8DKRZQKA DLubo+OVao1Xio8mnIj8iOv4OALhJm4+McZyDTG/qaH2rD0DIDRvUtV986+s3iibrZQb Ss5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=SwI3k5bSWYlYrqZgx6jvDCXNFoWuSAZNt3VDpudRXNI=; b=okXKUqwOkmkv2Quh6vJDKonT6K9nBrjthxr1pp6Cp7J12CnGjb6KB77tKSDJRr4LG7 7dcyomEe8J89qolZiO/YFH/EyE2oj+Zg7Ve+lHbPqlLyAeoM0CdarNEtlPn2pWzBXnG9 zrHqmBrzi2/AOwseenkuRJb4ESP4z68RtU6vAO3JZejOsU3pM+mim+8kXty7vfYwFxyN pRR9Boo6NnyPUcqvYwV6E4e/XjVOfaXQAIXXS9SvPh3aCl060bDqMJJPaiYL4GI1h7uD 13aeiIYPdCLK/4ZofUE8IRwObZwdH+A9pVG2Bd4+ZvJdAdx3RHn9ES1ZiVMx72ebePW9 i2qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v190-v6si8792993pgd.128.2018.09.07.10.57.35; Fri, 07 Sep 2018 10:57:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727664AbeIGWiF (ORCPT + 99 others); Fri, 7 Sep 2018 18:38:05 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:35396 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726151AbeIGWiE (ORCPT ); Fri, 7 Sep 2018 18:38:04 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id ED43318A; Fri, 7 Sep 2018 10:56:01 -0700 (PDT) Received: from [10.4.12.111] (ostrya.Emea.Arm.com [10.4.12.111]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F2C013F5BC; Fri, 7 Sep 2018 10:55:58 -0700 (PDT) Subject: Re: [RFCv2 PATCH 0/7] A General Accelerator Framework, WarpDrive To: Jerome Glisse , Kenneth Lee Cc: Kenneth Lee , Alex Williamson , Herbert Xu , kvm@vger.kernel.org, Jonathan Corbet , Greg Kroah-Hartman , linux-doc@vger.kernel.org, Sanjay Kumar , Hao Fang , linux-kernel@vger.kernel.org, linuxarm@huawei.com, iommu@lists.linux-foundation.org, "David S . Miller" , linux-crypto@vger.kernel.org, Philippe Ombredanne , Thomas Gleixner , linux-accelerators@lists.ozlabs.org References: <20180903005204.26041-1-nek.in.cn@gmail.com> <20180904150019.GA4024@redhat.com> <20180904101509.62314b67@t450s.home> <20180906094532.GG230707@Turing-Arch-b> <20180906133133.GA3830@redhat.com> <20180907040138.GI230707@Turing-Arch-b> <20180907165303.GA3519@redhat.com> From: Jean-Philippe Brucker Message-ID: <404f0944-d514-b450-f743-89ae798ac694@arm.com> Date: Fri, 7 Sep 2018 18:55:45 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: <20180907165303.GA3519@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/09/2018 17:53, Jerome Glisse wrote: > So there is no reasons to do that under VFIO. Especialy as in your example > it is not a real user space device driver, the userspace portion only knows > about writting command into command buffer AFAICT. > > VFIO is for real userspace driver where interrupt, configurations, ... ie > all the driver is handled in userspace. This means that the userspace have > to be trusted as it could program the device to do DMA to anywhere (if > IOMMU is disabled at boot which is still the default configuration in the > kernel). If the IOMMU is disabled (not exactly a kernel default by the way, I think most IOMMU drivers enable it by default), your userspace driver can't bypass DMA isolation by accident. It just won't be allowed to access the device. VFIO requires an IOMMU unless the admin forces the NOIOMMU mode with the "enable_unsafe_noiommu_mode" module parameter, and the userspace explicitly asks for it with VFIO_NOIOMMU_IOMMU, which taints the kernel. Not for production. A normal userspace driver that uses VFIO can only do DMA to its own memory. Thanks, Jean