From: Jason Wang <jasowang@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: mst <mst@redhat.com>, linux-kernel <linux-kernel@vger.kernel.org>,
	kvm <kvm@vger.kernel.org>,
	virtualization <virtualization@lists.linux-foundation.org>,
	netdev <netdev@vger.kernel.org>,
	Maxime Coquelin <maxime.coquelin@redhat.com>,
	"Liang, Cunming" <cunming.liang@intel.com>,
	zhihong.wang@intel.com, rob.miller@broadcom.com,
	Xiao W Wang <xiao.w.wang@intel.com>,
	Zhu Lingshan <lingshan.zhu@intel.com>,
	eperezma <eperezma@redhat.com>, Cindy Lu <lulu@redhat.com>,
	Parav Pandit <parav@mellanox.com>,
	"Tian, Kevin" <kevin.tian@intel.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Christoph Hellwig <hch@infradead.org>,
	Ariel Adam <aadam@redhat.com>,
	jiri@mellanox.com, shahafs@mellanox.com,
	Harpreet Singh Anand <hanand@xilinx.com>,
	mhabets@solarflare.com, Gautam Dawar <gdawar@xilinx.com>,
	Saugat Mitra <saugatm@xilinx.com>,
	vmireyno@marvell.com, zhangweining@ruijie.com.cn,
	Tiwei Bie <tiwei.bie@intel.com>,
	Lu Baolu <baolu.lu@linux.intel.com>
Subject: Re: [PATCH V9 7/9] vhost: introduce vDPA-based backend
Date: Tue, 2 Nov 2021 11:52:20 +0800
Message-ID: <CACGkMEtbs3u7J7krpkusfqczTU00+6o_YtZjD8htC=+Un9cNew@mail.gmail.com>
In-Reply-To: <20211101141133.GA1073864@nvidia.com>

On Mon, Nov 1, 2021 at 10:11 PM Jason Gunthorpe <jgg@nvidia.com> wrote:
>
> On Thu, Mar 26, 2020 at 10:01:23PM +0800, Jason Wang wrote:
> > From: Tiwei Bie <tiwei.bie@intel.com>
> >
> > This patch introduces a vDPA-based vhost backend. This backend is
> > built on top of the same interface defined in virtio-vDPA and provides
> > a generic vhost interface for userspace to accelerate the virtio
> > devices in guest.
> >
> > This backend is implemented as a vDPA device driver on top of the same
> > ops used in virtio-vDPA. It will create a char device entry named
> > vhost-vdpa-$index for userspace to use. Userspace can use vhost ioctls
> > on top of this char device to set up the backend.
> >
> > Vhost ioctls are extended to make them type agnostic and behave like a
> > virtio device; this helps to eliminate type-specific APIs like what
> > vhost_net/scsi/vsock did:
> >
> > - VHOST_VDPA_GET_DEVICE_ID: get the virtio device ID which is defined
> >   by the virtio specification to distinguish different types of devices
> > - VHOST_VDPA_GET_VRING_NUM: get the maximum size of virtqueue
> >   supported by the vDPA device
> > - VHOST_VDPA_SET/GET_STATUS: set and get virtio status of vDPA device
> > - VHOST_VDPA_SET/GET_CONFIG: access virtio config space
> > - VHOST_VDPA_SET_VRING_ENABLE: enable a specific virtqueue
> >
> > For memory mapping, the IOTLB API is mandated for vhost-vDPA, which means
> > userspace drivers are required to use
> > VHOST_IOTLB_UPDATE/VHOST_IOTLB_INVALIDATE to add or remove mappings for
> > a specific userspace memory region.
> >
> > The vhost-vDPA API is designed to be type agnostic, but it allows net
> > devices only at the current stage. Due to the lack of control virtqueue
> > support, some features were filtered out by vhost-vdpa.
> >
> > We will enable more features and devices in the near future.
>
> [..]
>
> > +static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
> > +{
> > +     struct vdpa_device *vdpa = v->vdpa;
> > +     const struct vdpa_config_ops *ops = vdpa->config;
> > +     struct device *dma_dev = vdpa_get_dma_dev(vdpa);
> > +     struct bus_type *bus;
> > +     int ret;
> > +
> > +     /* Device want to do DMA by itself */
> > +     if (ops->set_map || ops->dma_map)
> > +             return 0;
> > +
> > +     bus = dma_dev->bus;
> > +     if (!bus)
> > +             return -EFAULT;
> > +
> > +     if (!iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
> > +             return -ENOTSUPP;
> > +
> > +     v->domain = iommu_domain_alloc(bus);
> > +     if (!v->domain)
> > +             return -EIO;
> > +
> > +     ret = iommu_attach_device(v->domain, dma_dev);
> > +     if (ret)
> > +             goto err_attach;
> >
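Review bot: the early `return 0` under `if (ops->set_map || ops->dma_map)` reports success without allocating or attaching an IOMMU domain, so on that path this function sets up no translation itself and later code has to repeat the same ops check (or test v->domain for NULL) before touching the domain; the comment above it should state that the parent driver then owns translation for the mappings userspace installs. On the error paths, -ENOTSUPP is the kernel-internal value, and if this return can propagate to an ioctl caller -EOPNOTSUPP is the one to use; -EFAULT for a device with no bus and -EIO for a failed iommu_domain_alloc() would read more naturally as -ENODEV and -ENOMEM.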
>
> I've been looking at the security of iommu_attach_device() users, and
> I wonder if this is safe?
>
> The security question is if userspace is able to control the DMA
> address the device uses? E.g. if any of the CPU-to-device rings are in
> userspace memory?
>
> For instance if userspace can tell the device to send a packet from an
> arbitrary user controlled address.

The map is validated via pin_user_pages() which guarantees that the
address is not arbitrary and must belong to userspace?

Thanks

>
> Thanks,
> Jason
>

