> > > > +
> > > > + domain = iommu_get_domain_for_dev(dev);
> > > > + if (!domain || domain->type == IOMMU_DOMAIN_IDENTITY) {
> > > > + dev_info(dev, "NO-IOMMU\n");
> > > > + octep_vdpa_ops.set_map = octep_vdpa_set_map;
> > >
> > > Is this a shortcut to have get better performance? DMA API should have
> > > those greacefully I think.
> > When IOMMU is disabled on host and set_map/dma_map is not set,
> > vhost-vdpa is reporting an error "Failed to allocate domain, device is not
> IOMMU cache coherent capable\n".
> > Hence we are doing this way to get better performance.
>
> The problem is, assuming the device does not have any internal IOMMU.
>
> 1) If we allow it running without IOMMU, it opens a window for guest
> to attack the host.
> 2) If you see perforamnce issue with IOMMU_DOMAIN_IDENTITY, let's
> report it to DMA/IOMMU maintiner to fix that
It will be helpful for host networking case when iommu is disabled.
Can we take the vfio pci driver approach as a reference where user explicitly
set
"enable_unsafe_noiommu_mode" using module param?
>
> Thanks
Thanks.
