On 4/14/25 6:48 AM, Thomas Petazzoni wrote:
Hello Christoph,
On Mon, 14 Apr 2025 04:24:21 -0700 Christoph Hellwig hch@infradead.org wrote:
On Mon, Apr 14, 2025 at 10:24:55AM +0200, Thomas Petazzoni wrote:
What this patch series is about is to add new user-space interface to extend the existing UIO subsystem.
Which as I explained to you is fundamentally broken and unsafe. If you need to do DMA from userspae you need to use vfio/iommufd.
I'm still unclear as to why it is more "broken and unsafe" than UIO already is. As I already replied in this thread: UIO allows to remap MMIO registers into a user-space application, which can then do whatever it wants with the IP block behind those MMIO registers. If this IP block supports DMA, it already means that _today_ with the current UIO subsystem as it is, the user-space application can program a DMA transfer to read/write to any location in memory.
Therefore, providing a way to cleanly allocate DMA buffers and get their physical address will not make things any better or worse in terms of safety.
The fact that it is reasonably safe is solely based on access control to the UIO device, done using usual Unix permissions, and that is already the case today.
I am not sure how this can work in our use-case. We have a very simple set of IP blocks implemented in a FPGA, some of those IP blocks are able to perform DMA operations. The register of those IP blocks are mapped into a user-space application using the existing, accepted upstream, UIO subsystem. Some of those registers allow to program DMA transfers. So far, we can do all what we need, except program those DMA transfers. Lots of people are having the same issue, and zillions of ugly out-of-tree solutions flourish all over, and we're trying to see if we can constructively find a solution that would be acceptable upstream to resolve this use-case. Our platform is an old PowerPC with no IOMMU.
Then your driver design can't work and you need to replace it with a proper in-kernel driver.
See above: your point is moot because providing capabilities to allocate a buffer and get its physical address so that a UIO-based user-space application can do DMA transfer does not make things any more unsafe than they already are.
"UIO is a broken legacy mess, so let's add more broken things to it as broken + broken => still broken, so no harm done", am I getting that right?
If your FPGA IP can do DMA then you should not be using UIO in the first place, see UIO docs:
Please note that UIO is not an universal driver interface. Devices that are already handled well by other kernel subsystems (like networking or serial or USB) are no candidates for an UIO driver.
The DMA subsystem already handles DMA devices, so write a DMA driver.
Andrew
Best regards,
Thomas