It sounds like a separate vfio iommu backend from type1, one that justIThere is an additional complication. With an iommu, userspace programs
guess the no-iommu map would error if the IOVA isn't simply the bus
address of the page mapped.
Of course this is entirely unsafe and this no-iommu driver should taint
the kernel, but it at least standardizes on one userspace API and you're
already doing completely unsafe things with uio. vfio should be
enlightened at least to the point that it allows only privileged users
access to devices under such a (lack of) iommu.
the device with virtual addresses, but without it, they have to program
physical addresses. So vfio would need to communicate this bit of
information.
We can go further and define a better translation API than the current
one (reading /proc/pagemap). But it's going to be a bigger change to
vfio than I thought at first.
pins the page and returns the bus address. The curse and benefit would
be that existing type1 users wouldn't "just work" in an insecure mode,
the DMA mapping code would need to be aware of the difference. Still, I
do really prefer to keep vfio as only exposing a secure, iommu protected
device to the user because surely someone will try and users would
expect that removing iommu restrictions from vfio means they can do
device assignment to VMs w/o an iommu.