mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-27 21:14:44 +08:00
03a76b60f8
There is really no way to safely give a user full access to a DMA capable device without an IOMMU to protect the host system. There is also no way to provide DMA translation, for use cases such as device assignment to virtual machines. However, there are still those users that want userspace drivers even under those conditions. The UIO driver exists for this use case, but does not provide the degree of device access and programming that VFIO has. In an effort to avoid code duplication, this introduces a No-IOMMU mode for VFIO. This mode requires building VFIO with CONFIG_VFIO_NOIOMMU and enabling the "enable_unsafe_noiommu_mode" option on the vfio driver. This should make it very clear that this mode is not safe. Additionally, CAP_SYS_RAWIO privileges are necessary to work with groups and containers using this mode. Groups making use of this support are named /dev/vfio/noiommu-$GROUP and can only make use of the special VFIO_NOIOMMU_IOMMU for the container. Use of this mode, specifically binding a device without a native IOMMU group to a VFIO bus driver will taint the kernel and should therefore not be considered supported. This patch includes no-iommu support for the vfio-pci bus driver only. Signed-off-by: Alex Williamson <alex.williamson@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com>
52 lines
1.5 KiB
Plaintext
52 lines
1.5 KiB
Plaintext
config VFIO_IOMMU_TYPE1
|
|
tristate
|
|
depends on VFIO
|
|
default n
|
|
|
|
config VFIO_IOMMU_SPAPR_TCE
|
|
tristate
|
|
depends on VFIO && SPAPR_TCE_IOMMU
|
|
default n
|
|
|
|
config VFIO_SPAPR_EEH
|
|
tristate
|
|
depends on EEH && VFIO_IOMMU_SPAPR_TCE
|
|
default n
|
|
|
|
config VFIO_VIRQFD
|
|
tristate
|
|
depends on VFIO && EVENTFD
|
|
default n
|
|
|
|
menuconfig VFIO
|
|
tristate "VFIO Non-Privileged userspace driver framework"
|
|
depends on IOMMU_API
|
|
select VFIO_IOMMU_TYPE1 if (X86 || S390 || ARM_SMMU || ARM_SMMU_V3)
|
|
select VFIO_IOMMU_SPAPR_TCE if (PPC_POWERNV || PPC_PSERIES)
|
|
select VFIO_SPAPR_EEH if (PPC_POWERNV || PPC_PSERIES)
|
|
select ANON_INODES
|
|
help
|
|
VFIO provides a framework for secure userspace device drivers.
|
|
See Documentation/vfio.txt for more details.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
menuconfig VFIO_NOIOMMU
|
|
bool "VFIO No-IOMMU support"
|
|
depends on VFIO
|
|
help
|
|
VFIO is built on the ability to isolate devices using the IOMMU.
|
|
Only with an IOMMU can userspace access to DMA capable devices be
|
|
considered secure. VFIO No-IOMMU mode enables IOMMU groups for
|
|
devices without IOMMU backing for the purpose of re-using the VFIO
|
|
infrastructure in a non-secure mode. Use of this mode will result
|
|
in an unsupportable kernel and will therefore taint the kernel.
|
|
Device assignment to virtual machines is also not possible with
|
|
this mode since there is no IOMMU to provide DMA translation.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
source "drivers/vfio/pci/Kconfig"
|
|
source "drivers/vfio/platform/Kconfig"
|
|
source "virt/lib/Kconfig"
|