On Wed, Apr 10, 2024 at 10:15:37AM +0000, Srujana Challa wrote:
> > > > > +
> > > > > + domain = iommu_get_domain_for_dev(dev);
> > > > > + if (!domain || domain->type == IOMMU_DOMAIN_IDENTITY) {
> > > > > + dev_info(dev, "NO-IOMMU\n");
> > > > > + octep_vdpa_ops.set_map = octep_vdpa_set_map;
> > > >
> > > > Is this a shortcut to have get better performance? DMA API should have
> > > > those greacefully I think.
> > > When IOMMU is disabled on host and set_map/dma_map is not set,
> > > vhost-vdpa is reporting an error "Failed to allocate domain, device is not
> > IOMMU cache coherent capable\n".
> > > Hence we are doing this way to get better performance.
> >
> > The problem is, assuming the device does not have any internal IOMMU.
> >
> > 1) If we allow it running without IOMMU, it opens a window for guest
> > to attack the host.
> > 2) If you see perforamnce issue with IOMMU_DOMAIN_IDENTITY, let's
> > report it to DMA/IOMMU maintiner to fix that
> It will be helpful for host networking case when iommu is disabled.
> Can we take the vfio pci driver approach as a reference where user explicitly set
> "enable_unsafe_noiommu_mode" using module param?
vfio is a userspace driver so it's userspace's responsibility.
what exactly ensures correctness here? does the device have
an on-chip iommu?
> >
> > Thanks
>
> Thanks.
>
