On Mon, Jun 14, 2021 at 03:09:31AM +0000, Tian, Kevin wrote:

> If a device can be always blocked from accessing memory in the IOMMU
> before it's bound to a driver or more specifically before the driver
> moves it to a new security context, then there is no need for VFIO
> to track whether IOASIDfd has taken over ownership of the DMA
> context for all devices within a group.

I've been assuming we'd do something like this, where when a device is
first turned into a VFIO it tells the IOMMU layer that this device
should be DMA blocked unless an IOASID is attached to it.

Disconnecting an IOASID returns it to blocked.

> If this works I didn't see the need for vfio to keep the sequence.
> VFIO still keeps group fd to claim ownership of all devices in a
> group.

As Alex says you still have to deal with the problem that device A in
a group can gain control of device B in the same group. This means
device A and B cannot be used from two different security contexts.

If the /dev/iommu FD is the security context then the tracking is
needed there.

Jason
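The two rules discussed in the message above (a device is DMA blocked from the moment it is handed to VFIO until an IOASID is attached, and goes back to blocked on detach; and all devices of one IOMMU group must stay within a single /dev/iommu security context because one device in the group can reach the others) can be modelled in a few lines. The following is an added, user-space C model written for this page; it is not code from the message, from the kernel, or from the VFIO/IOASID patch series, and the names vfio_bind, ioasid_attach, ioasid_detach and group_owner are hypothetical helpers, not real kernel or uAPI functions. The ownership check lives at the point where an fd tries to attach, which is where the message says the tracking belongs when the /dev/iommu fd is the security context.

```c
/* Added example: user-space model of "blocked unless attached" plus
 * per-group security-context tracking. Hypothetical names throughout;
 * not kernel code and not the real VFIO/IOASID uAPI. */
#include <stdio.h>

#define MAX_DEVS 8

enum dma_state { DMA_BLOCKED = 0, DMA_ATTACHED = 1 };

struct device {
    int group;              /* IOMMU group the device belongs to */
    int owner_fd;           /* /dev/iommu fd that attached it (valid only when ATTACHED) */
    int ioasid;             /* attached IOASID (valid only when ATTACHED) */
    enum dma_state state;
};

static struct device devs[MAX_DEVS];   /* constructed sample device table */

/* Handing a device to VFIO: it starts out DMA blocked with no owner. */
static void vfio_bind(int dev, int group)
{
    devs[dev].group = group;
    devs[dev].owner_fd = -1;
    devs[dev].ioasid = -1;
    devs[dev].state = DMA_BLOCKED;
}

/* The security context currently holding a group: the fd of any attached
 * device in it, or -1 when no device in the group is attached. */
static int group_owner(int group)
{
    for (int i = 0; i < MAX_DEVS; i++)
        if (devs[i].state == DMA_ATTACHED && devs[i].group == group)
            return devs[i].owner_fd;
    return -1;
}

/* Attach an IOASID from /dev/iommu fd `fd`. Refused (-1) if another device
 * in the same group is already owned by a different fd, since device A
 * could otherwise gain control of device B across security contexts. */
static int ioasid_attach(int dev, int fd, int ioasid)
{
    int owner = group_owner(devs[dev].group);

    if (owner != -1 && owner != fd)
        return -1;                      /* group belongs to another context */
    devs[dev].owner_fd = fd;
    devs[dev].ioasid = ioasid;
    devs[dev].state = DMA_ATTACHED;
    return 0;
}

/* Detach: the device returns to DMA blocked. -1 if it was not attached. */
static int ioasid_detach(int dev)
{
    if (devs[dev].state != DMA_ATTACHED)
        return -1;
    devs[dev].owner_fd = -1;
    devs[dev].ioasid = -1;
    devs[dev].state = DMA_BLOCKED;
    return 0;
}

static enum dma_state dma_state(int dev)
{
    return devs[dev].state;
}

int main(void)
{
    /* Constructed scenario: devices 0 and 1 share group 1, device 2 is alone. */
    vfio_bind(0, 1);
    vfio_bind(1, 1);
    vfio_bind(2, 2);

    printf("dev0 attach via fd 10: %d\n", ioasid_attach(0, 10, 100));
    printf("dev1 attach via fd 11 (same group, other fd): %d\n",
           ioasid_attach(1, 11, 101));
    printf("dev1 attach via fd 10 (same context): %d\n",
           ioasid_attach(1, 10, 101));
    printf("dev0 detach, state now %d\n",
           ioasid_detach(0) == 0 ? dma_state(0) : -1);
    printf("dev0 attach via fd 11 while dev1 still held by fd 10: %d\n",
           ioasid_attach(0, 11, 102));
    return 0;
}
```

Note that detaching device 0 alone does not free the group: device 1 still holds it for fd 10, so a different fd is still refused until the last device of the group is detached.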