Re: [EXTERNAL] Re: [PATCH] virtio: vdpa: vDPA driver for Marvell OCTEON DPU devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 10, 2024 at 6:16 PM Srujana Challa <schalla@xxxxxxxxxxx> wrote:
>
> > > > > +
> > > > > +       domain = iommu_get_domain_for_dev(dev);
> > > > > +       if (!domain || domain->type == IOMMU_DOMAIN_IDENTITY) {
> > > > > +               dev_info(dev, "NO-IOMMU\n");
> > > > > +               octep_vdpa_ops.set_map = octep_vdpa_set_map;
> > > >
> > > > Is this a shortcut to have get better performance? DMA API should have
> > > > those greacefully I think.
> > > When IOMMU is disabled on host and set_map/dma_map is not set,
> > > vhost-vdpa is reporting an error "Failed to allocate domain, device is not
> > IOMMU cache coherent capable\n".
> > > Hence we are doing this way to get better performance.
> >
> > The problem is, assuming the device does not have any internal IOMMU.
> >
> > 1) If we allow it running without IOMMU, it opens a window for guest
> > to attack the host.
> > 2) If you see perforamnce issue with IOMMU_DOMAIN_IDENTITY, let's
> > report it to DMA/IOMMU maintiner to fix that
> It will be helpful for host networking case when iommu is disabled.
> Can we take the vfio pci driver approach as a reference where user explicitly set
> "enable_unsafe_noiommu_mode" using module param?

I prefer not, the "unsafe" is a hint that it should not be used in
production environment due to security implications.

How much degradation have you seen for IOMMU_DOMAIN_IDENTITY or IOMMU
is disabled? Is that because of the DMA API?

Thanks

>
> >
> > Thanks
>
> Thanks.
>






[Index of Archives]     [KVM Development]     [Libvirt Development]     [Libvirt Users]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux