• Alex Williamson's avatar
    vfio: Include No-IOMMU mode · 033291ec
    Alex Williamson authored
    There is really no way to safely give a user full access to a DMA
    capable device without an IOMMU to protect the host system.  There is
    also no way to provide DMA translation, for use cases such as device
    assignment to virtual machines.  However, there are still those users
    that want userspace drivers even under those conditions.  The UIO
    driver exists for this use case, but does not provide the degree of
    device access and programming that VFIO has.  In an effort to avoid
    code duplication, this introduces a No-IOMMU mode for VFIO.
    This mode requires building VFIO with CONFIG_VFIO_NOIOMMU and enabling
    the "enable_unsafe_noiommu_mode" option on the vfio driver.  This
    should make it very clear that this mode is not safe.  Additionally,
    CAP_SYS_RAWIO privileges are necessary to work with groups and
    containers using this mode.  Groups making use of this support are
    named /dev/vfio/noiommu-$GROUP and can only make use of the special
    VFIO_NOIOMMU_IOMMU for the container.  Use of this mode, specifically
    binding a device without a native IOMMU group to a VFIO bus driver
    will taint the kernel and should therefore not be considered
    supported.  This patch includes no-iommu support for the vfio-pci bus
    driver only.
    Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
    Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
vfio_pci.c 29.9 KB