8b6f173a4c
This adds cdev support for vfio_device. It allows the user to directly open a vfio device w/o using the legacy container/group interface, as a prerequisite for supporting new iommu features like nested translation and etc. The device fd opened in this manner doesn't have the capability to access the device as the fops open() doesn't open the device until the successful VFIO_DEVICE_BIND_IOMMUFD ioctl which will be added in a later patch. With this patch, devices registered to vfio core would have both the legacy group and the new device interfaces created. - group interface : /dev/vfio/$groupID - device interface: /dev/vfio/devices/vfioX - normal device ("X" is a unique number across vfio devices) For a given device, the user can identify the matching vfioX by searching the vfio-dev folder under the sysfs path of the device. Take PCI device (0000:6a:01.0) as an example, /sys/bus/pci/devices/0000\:6a\:01.0/vfio-dev/vfioX implies the matching vfioX under /dev/vfio/devices/, and vfio-dev/vfioX/dev contains the major:minor number of the matching /dev/vfio/devices/vfioX. The user can get device fd by opening the /dev/vfio/devices/vfioX. The vfio_device cdev logic in this patch: *) __vfio_register_dev() path ends up doing cdev_device_add() for each vfio_device if VFIO_DEVICE_CDEV configured. *) vfio_unregister_group_dev() path does cdev_device_del(); cdev interface does not support noiommu devices, so VFIO only creates the legacy group interface for the physical devices that do not have IOMMU. noiommu users should use the legacy group interface. Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Tested-by: Terrence Xu <terrence.xu@intel.com> Tested-by: Nicolin Chen <nicolinc@nvidia.com> Tested-by: Matthew Rosato <mjrosato@linux.ibm.com> Tested-by: Yanting Jiang <yanting.jiang@intel.com> Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Tested-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Signed-off-by: Yi Liu <yi.l.liu@intel.com> Link: https://lore.kernel.org/r/20230718135551.6592-19-yi.l.liu@intel.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
76 lines
2.3 KiB
Plaintext
76 lines
2.3 KiB
Plaintext
# SPDX-License-Identifier: GPL-2.0-only
|
|
menuconfig VFIO
|
|
tristate "VFIO Non-Privileged userspace driver framework"
|
|
select IOMMU_API
|
|
depends on IOMMUFD || !IOMMUFD
|
|
select INTERVAL_TREE
|
|
select VFIO_CONTAINER if IOMMUFD=n
|
|
help
|
|
VFIO provides a framework for secure userspace device drivers.
|
|
See Documentation/driver-api/vfio.rst for more details.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
if VFIO
|
|
config VFIO_DEVICE_CDEV
|
|
bool "Support for the VFIO cdev /dev/vfio/devices/vfioX"
|
|
depends on IOMMUFD && !SPAPR_TCE_IOMMU
|
|
help
|
|
The VFIO device cdev is another way for userspace to get device
|
|
access. Userspace gets device fd by opening device cdev under
|
|
/dev/vfio/devices/vfioX, and then bind the device fd with an iommufd
|
|
to set up secure DMA context for device access. This interface does
|
|
not support noiommu.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config VFIO_CONTAINER
|
|
bool "Support for the VFIO container /dev/vfio/vfio"
|
|
select VFIO_IOMMU_TYPE1 if MMU && (X86 || S390 || ARM || ARM64)
|
|
default y
|
|
help
|
|
The VFIO container is the classic interface to VFIO for establishing
|
|
IOMMU mappings. If N is selected here then IOMMUFD must be used to
|
|
manage the mappings.
|
|
|
|
Unless testing IOMMUFD say Y here.
|
|
|
|
if VFIO_CONTAINER
|
|
config VFIO_IOMMU_TYPE1
|
|
tristate
|
|
default n
|
|
|
|
config VFIO_IOMMU_SPAPR_TCE
|
|
tristate
|
|
depends on SPAPR_TCE_IOMMU
|
|
default VFIO
|
|
endif
|
|
|
|
config VFIO_NOIOMMU
|
|
bool "VFIO No-IOMMU support"
|
|
help
|
|
VFIO is built on the ability to isolate devices using the IOMMU.
|
|
Only with an IOMMU can userspace access to DMA capable devices be
|
|
considered secure. VFIO No-IOMMU mode enables IOMMU groups for
|
|
devices without IOMMU backing for the purpose of re-using the VFIO
|
|
infrastructure in a non-secure mode. Use of this mode will result
|
|
in an unsupportable kernel and will therefore taint the kernel.
|
|
Device assignment to virtual machines is also not possible with
|
|
this mode since there is no IOMMU to provide DMA translation.
|
|
|
|
If you don't know what to do here, say N.
|
|
|
|
config VFIO_VIRQFD
|
|
bool
|
|
select EVENTFD
|
|
default n
|
|
|
|
source "drivers/vfio/pci/Kconfig"
|
|
source "drivers/vfio/platform/Kconfig"
|
|
source "drivers/vfio/mdev/Kconfig"
|
|
source "drivers/vfio/fsl-mc/Kconfig"
|
|
source "drivers/vfio/cdx/Kconfig"
|
|
endif
|
|
|
|
source "virt/lib/Kconfig"
|