Re: Plan for /dev/ioasid RFC v2

From: Jason Gunthorpe
Date: Mon Jun 14 2021 - 09:38:25 EST

Next message: Rob Herring: "Re: [PATCH V4 1/2] dt-bindings: pinctrl: qcom: sm6125: Document SM6125 pinctrl driver"
Previous message: Jiri Kosina: "Re: [PATCH] HID: hid-input: add Surface Go battery quirk"
In reply to: Tian, Kevin: "RE: Plan for /dev/ioasid RFC v2"
Next in thread: Tian, Kevin: "RE: Plan for /dev/ioasid RFC v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 14, 2021 at 03:09:31AM +0000, Tian, Kevin wrote:

> If a device can be always blocked from accessing memory in the IOMMU
> before it's bound to a driver or more specifically before the driver
> moves it to a new security context, then there is no need for VFIO
> to track whether IOASIDfd has taken over ownership of the DMA
> context for all devices within a group.

I've been assuming we'd do something like this, where when a device is
first turned into a VFIO it tells the IOMMU layer that this device
should be DMA blocked unless an IOASID is attached to
it. Disconnecting an IOASID returns it to blocked.

> If this works I didn't see the need for vfio to keep the sequence.
> VFIO still keeps group fd to claim ownership of all devices in a
> group.

As Alex says you still have to deal with the problem that device A in
a group can gain control of device B in the same group.

This means device A and B can not be used from to two different
security contexts.

If the /dev/iommu FD is the security context then the tracking is
needed there.

Jason

Next message: Rob Herring: "Re: [PATCH V4 1/2] dt-bindings: pinctrl: qcom: sm6125: Document SM6125 pinctrl driver"
Previous message: Jiri Kosina: "Re: [PATCH] HID: hid-input: add Surface Go battery quirk"
In reply to: Tian, Kevin: "RE: Plan for /dev/ioasid RFC v2"
Next in thread: Tian, Kevin: "RE: Plan for /dev/ioasid RFC v2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]