On Mon, Sep 27, 2021 at 01:00:08PM +0000, Tian, Kevin wrote:
> > I think for such a narrow usage you should not change the struct
> > device_driver. Just have pci_stub call a function to flip back to user
> > mode.
>
> Here we want to ensure that kernel dma should be blocked
> if the group is already marked for user-dma. If we just blindly
> do it for any driver at this point (as you commented earlier):
>
> + ret = iommu_set_kernel_ownership(dev);
> + if (ret)
> + return ret;
>
> how would pci-stub reach its function to indicate that it doesn't
> do dma and flip back?
> Do you envision a simpler policy that no driver can be bound
> to the group if it's already set for user-dma? what about vfio-pci
> itself?
Yes.. I'm not sure there is a good use case to allow the stub drivers
to load/unload while a VFIO is running. At least, not a strong enough
one to justify a global change to the driver core..
> > > +static int iommu_dev_viable(struct device *dev, void *data)
> > > +{
> > > + enum dma_hint hint = *data;
> > > + struct device_driver *drv = READ_ONCE(dev->driver);
> >
> > Especially since this isn't locked properly or safe.
>
> I have the same worry when copying from vfio. Not sure how
> vfio gets safe with this approach...
Fixing the locking in vfio_dev_viable is part of deleting the unbound
list. Once it properly uses the device_lock and doesn't race with the
driver core like this things are much better. Don't copy this stuff
into the iommu core without fixing it.
https://github.com/jgunthorpe/linux/commit/fa6abb318ccca114da12c0b5b123c99131ace926
https://github.com/jgunthorpe/linux/commit/45980bd90b023d1eea56df70d1c395bdf4cc7cf1
I can't remember if the above is contingent on some of the mdev
cleanups or not.. Have to get back to it.
Jason
