linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jason Wang <jasowang@redhat.com>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: mst <mst@redhat.com>, linux-kernel <linux-kernel@vger.kernel.org>,
	kvm <kvm@vger.kernel.org>,
	virtualization <virtualization@lists.linux-foundation.org>,
	netdev <netdev@vger.kernel.org>,
	Maxime Coquelin <maxime.coquelin@redhat.com>,
	"Liang, Cunming" <cunming.liang@intel.com>,
	zhihong.wang@intel.com, rob.miller@broadcom.com,
	Xiao W Wang <xiao.w.wang@intel.com>,
	Zhu Lingshan <lingshan.zhu@intel.com>,
	eperezma <eperezma@redhat.com>, Cindy Lu <lulu@redhat.com>,
	Parav Pandit <parav@mellanox.com>,
	"Tian, Kevin" <kevin.tian@intel.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Christoph Hellwig <hch@infradead.org>,
	Ariel Adam <aadam@redhat.com>,
	jiri@mellanox.com, shahafs@mellanox.com,
	Harpreet Singh Anand <hanand@xilinx.com>,
	mhabets@solarflare.com, Gautam Dawar <gdawar@xilinx.com>,
	Saugat Mitra <saugatm@xilinx.com>,
	vmireyno@marvell.com, zhangweining@ruijie.com.cn,
	Tiwei Bie <tiwei.bie@intel.com>,
	Lu Baolu <baolu.lu@linux.intel.com>
Subject: Re: [PATCH V9 7/9] vhost: introduce vDPA-based backend
Date: Tue, 2 Nov 2021 11:52:20 +0800	[thread overview]
Message-ID: <CACGkMEtbs3u7J7krpkusfqczTU00+6o_YtZjD8htC=+Un9cNew@mail.gmail.com> (raw)
In-Reply-To: <20211101141133.GA1073864@nvidia.com>

On Mon, Nov 1, 2021 at 10:11 PM Jason Gunthorpe <jgg@nvidia.com> wrote:
>
> On Thu, Mar 26, 2020 at 10:01:23PM +0800, Jason Wang wrote:
> > From: Tiwei Bie <tiwei.bie@intel.com>
> >
> > This patch introduces a vDPA-based vhost backend. This backend is
> > built on top of the same interface defined in virtio-vDPA and provides
> > a generic vhost interface for userspace to accelerate the virtio
> > devices in guest.
> >
> > This backend is implemented as a vDPA device driver on top of the same
> > ops used in virtio-vDPA. It will create char device entry named
> > vhost-vdpa-$index for userspace to use. Userspace can use vhost ioctls
> > on top of this char device to setup the backend.
> >
> > Vhost ioctls are extended to make it type agnostic and behave like a
> > virtio device, this help to eliminate type specific API like what
> > vhost_net/scsi/vsock did:
> >
> > - VHOST_VDPA_GET_DEVICE_ID: get the virtio device ID which is defined
> >   by virtio specification to differ from different type of devices
> > - VHOST_VDPA_GET_VRING_NUM: get the maximum size of virtqueue
> >   supported by the vDPA device
> > - VHSOT_VDPA_SET/GET_STATUS: set and get virtio status of vDPA device
> > - VHOST_VDPA_SET/GET_CONFIG: access virtio config space
> > - VHOST_VDPA_SET_VRING_ENABLE: enable a specific virtqueue
> >
> > For memory mapping, IOTLB API is mandated for vhost-vDPA which means
> > userspace drivers are required to use
> > VHOST_IOTLB_UPDATE/VHOST_IOTLB_INVALIDATE to add or remove mapping for
> > a specific userspace memory region.
> >
> > The vhost-vDPA API is designed to be type agnostic, but it allows net
> > device only in current stage. Due to the lacking of control virtqueue
> > support, some features were filter out by vhost-vdpa.
> >
> > We will enable more features and devices in the near future.
>
> [..]
>
> > +static int vhost_vdpa_alloc_domain(struct vhost_vdpa *v)
> > +{
> > +     struct vdpa_device *vdpa = v->vdpa;
> > +     const struct vdpa_config_ops *ops = vdpa->config;
> > +     struct device *dma_dev = vdpa_get_dma_dev(vdpa);
> > +     struct bus_type *bus;
> > +     int ret;
> > +
> > +     /* Device want to do DMA by itself */
> > +     if (ops->set_map || ops->dma_map)
> > +             return 0;
> > +
> > +     bus = dma_dev->bus;
> > +     if (!bus)
> > +             return -EFAULT;
> > +
> > +     if (!iommu_capable(bus, IOMMU_CAP_CACHE_COHERENCY))
> > +             return -ENOTSUPP;
> > +
> > +     v->domain = iommu_domain_alloc(bus);
> > +     if (!v->domain)
> > +             return -EIO;
> > +
> > +     ret = iommu_attach_device(v->domain, dma_dev);
> > +     if (ret)
> > +             goto err_attach;
> >
>
> I've been looking at the security of iommu_attach_device() users, and
> I wonder if this is safe?
>
> The security question is if userspace is able to control the DMA
> address the devices uses? Eg if any of the cpu to device ring's are in
> userspace memory?
>
> For instance if userspace can tell the device to send a packet from an
> arbitrary user controlled address.

The map is validated via pin_user_pages() which guarantees that the
address is not arbitrary and must belong to userspace?

Thanks

>
> Thanks,
> Jason
>


  reply	other threads:[~2021-11-02  3:52 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-26 14:01 [PATCH V9 0/9] vDPA support Jason Wang
2020-03-26 14:01 ` [PATCH V9 1/9] vhost: refine vhost and vringh kconfig Jason Wang
2020-04-01 11:21   ` Christian Borntraeger
2020-04-01 12:50     ` Jason Wang
2020-04-01 12:56       ` Christian Borntraeger
2020-04-01 13:02         ` Christian Borntraeger
2020-04-01 14:01           ` Michael S. Tsirkin
2020-04-01 14:13           ` Jason Wang
2020-04-01 14:18             ` Michael S. Tsirkin
2020-04-01 14:36               ` Jason Wang
2020-04-01 14:27             ` Michael S. Tsirkin
2020-04-01 14:50               ` Jason Wang
2020-04-01 15:57                 ` Michael S. Tsirkin
2020-04-01 18:53                   ` Christian Borntraeger
2020-04-01 13:22   ` Michael S. Tsirkin
2020-04-01 14:08     ` Jason Wang
2020-04-01 14:13       ` Michael S. Tsirkin
2020-04-01 14:29         ` Jason Wang
2020-04-01 14:35           ` Michael S. Tsirkin
2020-04-01 14:39             ` Jason Wang
2020-04-01 14:39           ` Michael S. Tsirkin
2020-04-01 14:43             ` Jason Wang
2020-04-01 16:05           ` Michael S. Tsirkin
2020-04-01 16:08           ` Michael S. Tsirkin
2020-04-02  3:22             ` Jason Wang
2020-04-02 14:03               ` Michael S. Tsirkin
2020-04-02 14:23                 ` Jason Wang
2020-04-02 14:38                   ` Michael S. Tsirkin
2020-04-02 14:56                     ` Jason Wang
2020-03-26 14:01 ` [PATCH V9 2/9] vhost: allow per device message handler Jason Wang
2020-03-26 14:01 ` [PATCH V9 3/9] vhost: factor out IOTLB Jason Wang
2020-03-26 14:01 ` [PATCH V9 4/9] vringh: IOTLB support Jason Wang
2020-03-26 14:01 ` [PATCH V9 5/9] vDPA: introduce vDPA bus Jason Wang
2020-03-26 14:01 ` [PATCH V9 6/9] virtio: introduce a vDPA based transport Jason Wang
2020-03-26 14:01 ` [PATCH V9 7/9] vhost: introduce vDPA-based backend Jason Wang
2021-11-01 14:11   ` Jason Gunthorpe
2021-11-02  3:52     ` Jason Wang [this message]
2021-11-02 15:56       ` Jason Gunthorpe
2021-11-03  7:34         ` Jason Wang
2020-03-26 14:01 ` [PATCH V9 8/9] vdpasim: vDPA device simulator Jason Wang
2020-04-10  7:45   ` Geert Uytterhoeven
2020-04-10  8:23     ` Jason Wang
2020-03-26 14:01 ` [PATCH V9 9/9] virtio: Intel IFC VF driver for VDPA Jason Wang
2020-04-09 10:41   ` Arnd Bergmann
2020-04-09 12:43     ` Jason Wang
2020-04-09 12:49       ` Zhu, Lingshan
2020-04-09 20:25     ` Michael S. Tsirkin
2020-04-10  3:15       ` Zhu, Lingshan
2020-03-29 11:07 ` [PATCH V9 0/9] vDPA support Michael S. Tsirkin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACGkMEtbs3u7J7krpkusfqczTU00+6o_YtZjD8htC=+Un9cNew@mail.gmail.com' \
    --to=jasowang@redhat.com \
    --cc=aadam@redhat.com \
    --cc=baolu.lu@linux.intel.com \
    --cc=cunming.liang@intel.com \
    --cc=eperezma@redhat.com \
    --cc=gdawar@xilinx.com \
    --cc=hanand@xilinx.com \
    --cc=hch@infradead.org \
    --cc=jgg@nvidia.com \
    --cc=jiri@mellanox.com \
    --cc=kevin.tian@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=lingshan.zhu@intel.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lulu@redhat.com \
    --cc=maxime.coquelin@redhat.com \
    --cc=mhabets@solarflare.com \
    --cc=mst@redhat.com \
    --cc=netdev@vger.kernel.org \
    --cc=parav@mellanox.com \
    --cc=rdunlap@infradead.org \
    --cc=rob.miller@broadcom.com \
    --cc=saugatm@xilinx.com \
    --cc=shahafs@mellanox.com \
    --cc=stefanha@redhat.com \
    --cc=tiwei.bie@intel.com \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=vmireyno@marvell.com \
    --cc=xiao.w.wang@intel.com \
    --cc=zhangweining@ruijie.com.cn \
    --cc=zhihong.wang@intel.com \
    --subject='Re: [PATCH V9 7/9] vhost: introduce vDPA-based backend' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).