On Mon, Jun 28, 2021 at 02:03:56AM +0000, Tian, Kevin wrote: > Combining with the last paragraph above, are you actually suggesting > that 1:1 group (including mdev) should use a new device-centric vfio > uAPI (without group fd) while existing group-centric vfio uAPI is only > kept for 1:N group (with slight semantics change in my sketch to match > device-centric iommu fd API)? Yes, this is one approach Using a VFIO_GROUP_GET_DEVICE_FD_NEW on the group FD is another option, but locks us into having the group FD. Which is better possibly depends on some details when going through the code transformation, though I prefer not to design assuming the group FD must exist. > (not via an indirect group ioctl). Then it implies that we may have to allow > the user open a device before it is put into a security context, thus the > safe guard may have to be enabled on mmap() for 1:1 group. This is a > different sequence from the existing group-centric model. Yes, but I think this is fairly minor, it would just start with a dummy fops and move to operational fops once things are setup enough. Jason