On Thu, Oct 14, 2021 at 07:06:07AM +0000, Tian, Kevin wrote: > > From: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> > > Sent: Thursday, October 14, 2021 1:24 PM > > > > On Sun, Sep 19, 2021 at 02:38:41PM +0800, Liu Yi L wrote: > > > From: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx> > > > > > > These two helpers could be used when 1) the iommu group is singleton, > > > or 2) the upper layer has put the iommu group into the secure state by > > > calling iommu_device_init_user_dma(). > > > > > > As we want the iommufd design to be a device-centric model, we want to > > > remove any group knowledge in iommufd. Given that we already have > > > iommu_at[de]tach_device() interface, we could extend it for iommufd > > > simply by doing below: > > > > > > - first device in a group does group attach; > > > - last device in a group does group detach. > > > > > > as long as the group has been put into the secure context. > > > > > > The commit <426a273834eae> ("iommu: Limit > > iommu_attach/detach_device to > > > device with their own group") deliberately restricts the two interfaces > > > to single-device group. To avoid the conflict with existing usages, we > > > keep this policy and put the new extension only when the group has been > > > marked for user_dma. > > > > I still kind of hate this interface because it means an operation that > > appears to be explicitly on a single device has an implicit effect on > > other devices. > > > > I still didn't get your concern why it's such a big deal. With this proposal > the group restriction will be 'explicitly' documented in the attach uAPI > comment and sample flow in iommufd.rst. A sane user should read all > those information to understand how this new sub-system works and > follow whatever constraints claimed there. In the end the user should > maintain the same group knowledge regardless of whether to use an > explicit group uAPI or a device uAPI which has group constraint... The first user might read this. Subsequent users are likely to just copy paste examples from earlier things without fully understanding them. In general documenting restrictions somewhere is never as effective as making those restrictions part of the interface signature itself. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature