Existing VFIO provides group-centric user APIs for userspace. Userspace opens the /dev/vfio/$group_id first before getting device fd and hence getting access to device. This is not the desired model for iommufd. Per the conclusion of community discussion[1], iommufd provides device-centric kAPIs and requires its consumer (like VFIO) to be device-centric user APIs. Such user APIs are used to associate device with iommufd and also the I/O address spaces managed by the iommufd. This series first introduces a per device file structure to be prepared for further enhancement and refactors the kvm-vfio code to be prepared for accepting device file from userspace. Then refactors the vfio to be able to handle iommufd binding. This refactor includes the mechanism of blocking device access before iommufd bind, making vfio_device_open() be exclusive between the group path and the cdev path. Eventually, adds the cdev support for vfio device, and makes group infrastructure optional as it is not needed when vfio device cdev is compiled. This is also a base for further support iommu nesting for vfio device[2]. The complete code can be found in below branch, simple test done with the legacy group path and the cdev path. Draft QEMU branch can be found at[3] https://github.com/yiliu1765/iommufd/tree/vfio_device_cdev_v2 (config CONFIG_IOMMUFD=y CONFIG_VFIO_DEVICE_CDEV=y) [1] https://lore.kernel.org/kvm/BN9PR11MB5433B1E4AE5B0480369F97178C189@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ [2] https://github.com/yiliu1765/iommufd/tree/wip/iommufd-v6.2-rc4-nesting [3] https://github.com/yiliu1765/qemu/tree/iommufd_rfcv3 (it is based on Eric's QEMU iommufd rfcv3 (https://lore.kernel.org/kvm/20230131205305.2726330-1-eric.auger@xxxxxxxxxx/) plus two commits to align with vfio_device_cdev v2) Change log: v2: - Add r-b from Kevin and Eric on patch 01 02 04. - "Split kvm/vfio: Provide struct kvm_device_ops::release() insted of ::destroy()" from this series and got applied. (Alex, Kevin, Jason, Mathhew) - Add kvm_ref_lock to protect vfio_device_file->kvm instead of reusing dev_set->lock as dead-lock is observed with vfio-ap which would try to acquire kvm_lock. This is opposite lock order with kvm_device_release() which holds kvm_lock first and then hold dev_set->lock. (Kevin) - Use a separate ioctl for detaching IOAS. (Alex) - Rename vfio_device_file::single_open to be is_cdev_device (Kevin, Alex) - Move the vfio device cdev code into device_cdev.c and add a VFIO_DEVICE_CDEV kconfig for it. (Kevin, Jason) v1: https://lore.kernel.org/kvm/20230117134942.101112-1-yi.l.liu@xxxxxxxxx/ - Fix the circular refcount between kvm struct and device file reference. (JasonG) - Address comments from KevinT - Remained the ioctl for detach, needs to Alex's taste (https://lore.kernel.org/kvm/BN9PR11MB5276BE9F4B0613EE859317028CFF9@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/) rfc: https://lore.kernel.org/kvm/20221219084718.9342-1-yi.l.liu@xxxxxxxxx/ Thanks, Yi Liu Yi Liu (14): vfio: Allocate per device file structure vfio: Refine vfio file kAPIs vfio: Accept vfio device file in the driver facing kAPI kvm/vfio: Rename kvm_vfio_group to prepare for accepting vfio device fd kvm/vfio: Accept vfio device file from userspace vfio: Pass struct vfio_device_file * to vfio_device_open/close() vfio: Block device access via device fd until device is opened vfio: Add infrastructure for bind_iommufd from userspace vfio-iommufd: Add detach_ioas support for physical VFIO devices vfio-iommufd: Add detach_ioas for emulated VFIO devices vfio: Make vfio_device_open() exclusive between group path and device cdev path vfio: Add cdev for vfio_device vfio: Add ioctls for device cdev using iommufd vfio: Compile group optionally Documentation/driver-api/vfio.rst | 8 +- Documentation/virt/kvm/devices/vfio.rst | 40 ++- drivers/gpu/drm/i915/gvt/kvmgt.c | 1 + drivers/s390/cio/vfio_ccw_ops.c | 1 + drivers/s390/crypto/vfio_ap_ops.c | 1 + drivers/vfio/Kconfig | 29 ++ drivers/vfio/Makefile | 3 +- drivers/vfio/device_cdev.c | 240 ++++++++++++++ drivers/vfio/fsl-mc/vfio_fsl_mc.c | 1 + drivers/vfio/group.c | 117 +++---- drivers/vfio/iommufd.c | 81 +++-- .../vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 2 + drivers/vfio/pci/mlx5/main.c | 1 + drivers/vfio/pci/vfio_pci.c | 1 + drivers/vfio/pci/vfio_pci_core.c | 4 +- drivers/vfio/platform/vfio_amba.c | 1 + drivers/vfio/platform/vfio_platform.c | 1 + drivers/vfio/vfio.h | 156 ++++++++- drivers/vfio/vfio_main.c | 312 ++++++++++++++++-- include/linux/iommufd.h | 6 + include/linux/vfio.h | 24 +- include/uapi/linux/kvm.h | 16 +- include/uapi/linux/vfio.h | 86 +++++ virt/kvm/vfio.c | 141 ++++---- 24 files changed, 1057 insertions(+), 216 deletions(-) create mode 100644 drivers/vfio/device_cdev.c -- 2.34.1