Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-07 Thread Stefan Hajnoczi
On Thu, Dec 03, 2020 at 05:01:32PM +0100, David Hildenbrand wrote: > The real question is: do we even *need* DMA from vfio devices to > virtio-fs regions? If not (do guests rely on it? what does the spec > state?), just don't care about vfio at all and don't map anything. Can DMA to/from the virti

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-03 Thread David Hildenbrand
On 03.12.20 16:43, Peter Xu wrote: > On Thu, Dec 03, 2020 at 11:20:02AM +, Stefan Hajnoczi wrote: >> On Wed, Dec 02, 2020 at 10:45:11AM -0500, Peter Xu wrote: >>> On Wed, Dec 02, 2020 at 02:33:56PM +, Stefan Hajnoczi wrote: On Wed, Nov 25, 2020 at 10:57:11AM -0500, Peter Xu wrote:

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-03 Thread Alex Williamson
On Thu, 3 Dec 2020 10:43:22 -0500 Peter Xu wrote: > On Thu, Dec 03, 2020 at 11:20:02AM +, Stefan Hajnoczi wrote: > > On Wed, Dec 02, 2020 at 10:45:11AM -0500, Peter Xu wrote: > > > On Wed, Dec 02, 2020 at 02:33:56PM +, Stefan Hajnoczi wrote: > > > > On Wed, Nov 25, 2020 at 10:57:11AM

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-03 Thread Peter Xu
On Thu, Dec 03, 2020 at 11:20:02AM +, Stefan Hajnoczi wrote: > On Wed, Dec 02, 2020 at 10:45:11AM -0500, Peter Xu wrote: > > On Wed, Dec 02, 2020 at 02:33:56PM +, Stefan Hajnoczi wrote: > > > On Wed, Nov 25, 2020 at 10:57:11AM -0500, Peter Xu wrote: > > > > On Wed, Nov 25, 2020 at 01:05:25A

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-03 Thread Stefan Hajnoczi
On Wed, Dec 02, 2020 at 10:45:11AM -0500, Peter Xu wrote: > On Wed, Dec 02, 2020 at 02:33:56PM +, Stefan Hajnoczi wrote: > > On Wed, Nov 25, 2020 at 10:57:11AM -0500, Peter Xu wrote: > > > On Wed, Nov 25, 2020 at 01:05:25AM +, Justin He wrote: > > > > > I'd appreciate if you could explain w

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-02 Thread Peter Xu
Hi, Stefan, On Wed, Dec 02, 2020 at 02:33:56PM +, Stefan Hajnoczi wrote: > On Wed, Nov 25, 2020 at 10:57:11AM -0500, Peter Xu wrote: > > On Wed, Nov 25, 2020 at 01:05:25AM +, Justin He wrote: > > > > I'd appreciate if you could explain why vfio needs to dma map some > > > > PROT_NONE > > >

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-12-02 Thread Stefan Hajnoczi
On Wed, Nov 25, 2020 at 10:57:11AM -0500, Peter Xu wrote: > On Wed, Nov 25, 2020 at 01:05:25AM +, Justin He wrote: > > > I'd appreciate if you could explain why vfio needs to dma map some > > > PROT_NONE > > > > Virtiofs will map a PROT_NONE cache window region firstly, then remap the > > sub

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-25 Thread Peter Xu
On Wed, Nov 25, 2020 at 01:05:25AM +, Justin He wrote: > > I'd appreciate if you could explain why vfio needs to dma map some > > PROT_NONE > > Virtiofs will map a PROT_NONE cache window region firstly, then remap the sub > region of that cache window with read or write permission. I guess thi

RE: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-24 Thread Justin He
Hi Peter > -Original Message- > From: Peter Xu > Sent: Wednesday, November 25, 2020 2:12 AM > To: Justin He > Cc: Alex Williamson ; Cornelia Huck > ; k...@vger.kernel.org; linux-kernel@vger.kernel.org > Subject: Re: [PATCH] vfio iommu type1: Bypass the vm

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-24 Thread Peter Xu
Hi, Jia, On Thu, Nov 19, 2020 at 10:27:37PM +0800, Jia He wrote: > The permission of vfio iommu is different and incompatible with vma > permission. If the iotlb->perm is IOMMU_NONE (e.g. qemu side), qemu will > simply call unmap ioctl() instead of mapping. Hence vfio_dma_map() can't > map a dma r

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-24 Thread Alex Williamson
; k...@vger.kernel.org; linux- > > ker...@vger.kernel.org > > Subject: Re: [PATCH] vfio iommu type1: Bypass the vma permission check in > > vfio_pin_pages_remote() > > > > On Thu, 19 Nov 2020 22:27:37 +0800 > > Jia He wrote: > > > > > The permission

RE: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-22 Thread Justin He
Hi Alex, thanks for the comments. See mine below: > -Original Message- > From: Alex Williamson > Sent: Friday, November 20, 2020 1:05 AM > To: Justin He > Cc: Cornelia Huck ; k...@vger.kernel.org; linux- > ker...@vger.kernel.org > Subject: Re: [PATCH] vfio iommu

Re: [PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-19 Thread Alex Williamson
On Thu, 19 Nov 2020 22:27:37 +0800 Jia He wrote: > The permission of vfio iommu is different and incompatible with vma > permission. If the iotlb->perm is IOMMU_NONE (e.g. qemu side), qemu will > simply call unmap ioctl() instead of mapping. Hence vfio_dma_map() can't > map a dma region with NONE

[PATCH] vfio iommu type1: Bypass the vma permission check in vfio_pin_pages_remote()

2020-11-19 Thread Jia He
The permission of vfio iommu is different and incompatible with vma permission. If the iotlb->perm is IOMMU_NONE (e.g. qemu side), qemu will simply call unmap ioctl() instead of mapping. Hence vfio_dma_map() can't map a dma region with NONE permission. This corner case will be exposed in coming vi