Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3775845pxb; Mon, 1 Nov 2021 20:55:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw7KujUHPBf8Fn0KuZopMiGz4VooBIiOsabohBXW1Wm2sdj2Zavv7jqxxA4cxKU6BiXX+Ff X-Received: by 2002:a05:6402:26d6:: with SMTP id x22mr47622333edd.165.1635825337502; Mon, 01 Nov 2021 20:55:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635825337; cv=none; d=google.com; s=arc-20160816; b=SQkXsgg9V3TkoCaOZ5O9UEDAAj5qqB26xP4DOmQCtzvVP51I90HFgAn2dRU+lm6ppe gXBFdla9y6MjsKv2hXyJ4UJuCgJXaCXXKs3/ohcauMkr3iX9JrPQBfsRAT/ygc/pJH4B s2Ew4cBiXiN51ADF9mk6jxB3ApswjQvSh7oKVSoPoKy9R3W7D2NTA8ma9+8oJR3mfGRA IPSyU1OMdznMAP5/wje+E559Js1OkIrpS71AfjibsNiBZiApM/VJfocF9+6oVTpL3zvW hkjHCUX9yJbkeJwy6J86AqEBNfczq9uPkEtmwFtsjKEE9YbGolXysUaqe4nEzfZCayzv tULg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=l5JQX7PK3bUB+fO7KCHuTs96kpHZCzUz5hWvhokA8Wo=; b=s6TbgGzfbk+BqmKBD+k16X7soiAjUzrV60/mnKmIkxfzTlebCWr93tvxKRimjTm8SR fel4k/CgXlM6a4SPPeaoeLG64LmaOcftE/5W/db4MHsw4bn7Y/x2MsvgX3m68wgbHmN6 rtBCBWrak1UudXeBw5bgEOZG+aORTo4Aop35rmkviPJq0I7C4d1ddCFZSR0XJ82Mg3DJ WZGpCbyRwxfIvDuKmuf0fFD8XNukWnzDaQYcLucYpusLpD3s/KIxVY4/dkzbR1Ss9TbI YFZ+Sn2rjExPyK0CtHgdzGmeN9x5e6lfEXnux4uKAJXbL3MtmFnzISJzkU3BktA5nzdL O40A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RghOEjDL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 9si20652312edw.603.2021.11.01.20.55.13; Mon, 01 Nov 2021 20:55:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=RghOEjDL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232775AbhKBDzN (ORCPT + 99 others); Mon, 1 Nov 2021 23:55:13 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:30883 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232752AbhKBDzJ (ORCPT ); Mon, 1 Nov 2021 23:55:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1635825154; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=l5JQX7PK3bUB+fO7KCHuTs96kpHZCzUz5hWvhokA8Wo=; b=RghOEjDL4afjnzXeL55cWpEv8TQnj+im4Xg6YL8Q9UZ8b7ywZC6RWYaVmoejXVlsUTxjML n7dqZkUimmxIM9cufFuSp3odoS4C/14M80PXhaH24MEFexRj+cJBoCu02k9Iibw0XbVwGL CZ0oKhiyg3N6AG4OyLVFjVRr3NKzuCU= Received: from mail-lj1-f199.google.com (mail-lj1-f199.google.com [209.85.208.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-459-um07mfmdMxeM0-_6McAG6Q-1; Mon, 01 Nov 2021 23:52:33 -0400 X-MC-Unique: um07mfmdMxeM0-_6McAG6Q-1 Received: by mail-lj1-f199.google.com with SMTP id a20-20020a2eb554000000b0020de66f70bcso7062225ljn.1 for ; Mon, 01 Nov 2021 20:52:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=l5JQX7PK3bUB+fO7KCHuTs96kpHZCzUz5hWvhokA8Wo=; b=mfzFtC/ABJbGDuy12kuVvJ1fXQng+6P4b7X2W/xqIuu5ZJ9O5HsIAbLH2PwIVkjf3y xw5ZxeGlDdrCDkbzCYaRUYlm2Ny7BDv45aK7ffG6YhCPz2sNGvdrlsB/zTSM7cNb/djP K/vbYLzEPGRVQ1wQYq9Zyor3tstdRY39YtWJVxvxKo/kkWPYaTHxLlzkTvxuCloTKW8+ QojFzSrcyMY7WNw37jI7YOBveDOR7U4+zgF3i2dEXJl+VHSlh3VkVGshACQe3/K7BqKb viJMwwcWkC3yjqY6kBnBMdJdbc10F1SW36O4fQrfTry2zsa4jxpgZqc6EZ1apXgjZX9N xd+w== X-Gm-Message-State: AOAM532/i0/Mkrt3Un1DkrGB0T7cZMxuGkbUd/IeduQDBsCK3b81Zq7z UB+l6y5EF5fMg0VBVEl6e9mD8YbSx9WMGmd9efwZz7+XApHq9zWjZqVka1SC0ElB/c9obMk2yt+ 3zxMYiBbc1ZM1lXSridk3DhYOeCC/zTtKl+WuVAdS X-Received: by 2002:a2e:a5c8:: with SMTP id n8mr34920396ljp.307.1635825151559; Mon, 01 Nov 2021 20:52:31 -0700 (PDT) X-Received: by 2002:a2e:a5c8:: with SMTP id n8mr34920347ljp.307.1635825151261; Mon, 01 Nov 2021 20:52:31 -0700 (PDT) MIME-Version: 1.0 References: <20200326140125.19794-1-jasowang@redhat.com> <20200326140125.19794-8-jasowang@redhat.com> <20211101141133.GA1073864@nvidia.com> In-Reply-To: <20211101141133.GA1073864@nvidia.com> From: Jason Wang Date: Tue, 2 Nov 2021 11:52:20 +0800 Message-ID: Subject: Re: [PATCH V9 7/9] vhost: introduce vDPA-based backend To: Jason Gunthorpe Cc: mst , linux-kernel , kvm , virtualization , netdev , Maxime Coquelin , "Liang, Cunming" , zhihong.wang@intel.com, rob.miller@broadcom.com, Xiao W Wang , Zhu Lingshan , eperezma , Cindy Lu , Parav Pandit , "Tian, Kevin" , Stefan Hajnoczi , Randy Dunlap , Christoph Hellwig , Ariel Adam , jiri@mellanox.com, shahafs@mellanox.com, Harpreet Singh Anand , mhabets@solarflare.com, Gautam Dawar , Saugat Mitra , vmireyno@marvell.com, zhangweining@ruijie.com.cn, Tiwei Bie , Lu Baolu Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 1, 2021 at 10:11 PM Jason Gunthorpe wrote: > > On Thu, Mar 26, 2020 at 10:01:23PM +0800, Jason Wang wrote: > > From: Tiwei Bie > > > > This patch introduces a vDPA-based vhost backend. This backend is > > built on top of the same interface defined in virtio-vDPA and provides > > a generic vhost interface for userspace to accelerate the virtio > > devices in guest. > > > > This backend is implemented as a vDPA device driver on top of the same > > ops used in virtio-vDPA. It will create char device entry named > > vhost-vdpa-$index for userspace to use. Userspace can use vhost ioctls > > on top of this char device to setup the backend. > > > > Vhost ioctls are extended to make it type agnostic and behave like a > > virtio device, this help to eliminate type specific API like what > > vhost_net/scsi/vsock did: > > > > - VHOST_VDPA_GET_DEVICE_ID: get the virtio device ID which is defined > > by virtio specification to differ from different type of devices > > - VHOST_VDPA_GET_VRING_NUM: get the maximum size of virtqueue > > supported by the vDPA device > > - VHSOT_VDPA_SET/GET_STATUS: set and get virtio status of vDPA device > > - VHOST_VDPA_SET/GET_CONFIG: access virtio config space > > - VHOST_VDPA_SET_VRING_ENABLE: enable a specific virtqueue > > > > For memory mapping, IOTLB API is mandated for vhost-vDPA which means > > userspace drivers are required to use > > VHOST_IOTLB_UPDATE/VHOST_IOTLB_INVALIDATE to add or remove mapping for > > a specific userspace memory region. > > > > The vhost-vDPA API is designed to be type agnostic, but it allows net > > device only in current stage. Due to the lacking of control virtqueue > > support, some features were filter out by vhost-vdpa. > > > > We will enable more features and devices in the near future. > > [..] > > > +static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v) > > +{ > > + struct vdpa_device *vdpa = v->vdpa; > > + const struct vdpa_config_ops *ops = vdpa->config; > > + struct device *dma_dev = vdpa_get_dma_dev(vdpa); > > + struct bus_type *bus; > > + int ret; > > + > > + /* Device want to do DMA by itself */ > > + if (ops->set_map || ops->dma_map) > > + return 0; > > + > > + bus = dma_dev->bus; > > + if (!bus) > > + return -EFAULT; > > + > > + if (!iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY)) > > + return -ENOTSUPP; > > + > > + v->domain = iommu_domain_alloc(bus); > > + if (!v->domain) > > + return -EIO; > > + > > + ret = iommu_attach_device(v->domain, dma_dev); > > + if (ret) > > + goto err_attach; > > > > I've been looking at the security of iommu_attach_device() users, and > I wonder if this is safe? > > The security question is if userspace is able to control the DMA > address the devices uses? Eg if any of the cpu to device ring's are in > userspace memory? > > For instance if userspace can tell the device to send a packet from an > arbitrary user controlled address. The map is validated via pin_user_pages() which guarantees that the address is not arbitrary and must belong to userspace? Thanks > > Thanks, > Jason >