On 2025/8/15 22:20, Alex Williamson wrote:
On Fri, 15 Aug 2025 18:49:22 +0800
Yi Liu <yi.l....@intel.com> wrote:
On 2025/8/14 23:34, Cédric Le Goater wrote:
The VFIO IOMMU Type1 kernel driver enforces a default IOMMU mapping
limit of 65535, which is configurable via the 'dma_max_mappings'
@Alex, I've a long standing question, could you share why 65535 is the
magic number? :)
640^Hk is enough for anyone, right? ;)
We added this in response to a security issue where a user could
allocate an unlimited number of vfio_dma objects and, iirc, the thought
was that 64k entries was an absurdly high number for all typical cases
where we're making relatively few, relatively static DMA mappings,
which is effectively what the type1 interface is designed for. It
would be insanely inefficient to map the entire VM with 4K pages with
type1, right?! Enter confidential device assignment...
yes. I remember there were some NIC passthrough scenarios hit the 65535
limit in the before and passed after opt a larger dma_max_mappings value.
It's still a bad idea to use type1 this way, I'm just waiting for the
reports of slow VM startup with large memory VMs, however we might be
able to mitigate the security issue if we allocated the vfio_dma
objects with GFP_KERNEL_ACCOUNT. However, I think we also compounded
the problem in QEMU when looking for the number of available mapping
entries it assumes 64k if the limit capability isn't found, rather than
unlimited.
yeah, admin can program a smaller dma_max_mappings value on an eld
kernel (a version before dma_avail cap is reported). If so, existing
QEMU may hit the dma_max_mapping limit while it believes it has not yet.
So to unwind ourselves out of this jam, we might choose to
report UINT32_MAX and some additional mechanism to report unlimited, or
let QEMU fix itself, or we just advise that type1 is a bad interface
for this and needing to adjust the limit is an indication or that and
such use cases should migrate to better interfaces in IOMMUFD. Thanks,
thanks for the the explanation. :)
Regards,
Yi Liu
