> From: Alex Williamson <alex.williamson@xxxxxxxxxx> > Sent: Thursday, March 16, 2023 6:53 AM > > On Wed, 8 Mar 2023 05:28:51 -0800 > Yi Liu <yi.l.liu@xxxxxxxxx> wrote: > > > This is another method to issue PCI hot reset for the users that bounds > > device to a positive iommufd value. In such case, iommufd is a proof of > > device ownership. By passing a zero-length fd array, user indicates kernel > > to do ownership check with the bound iommufd. All the opened devices > within > > the affected dev_set should have been bound to the same iommufd. This is > > simpler and faster as user does not need to pass a set of fds and kernel > > no need to search the device within the given fds. > > Couldn't this same idea apply to containers? User is allowed to create multiple containers. Looks we don't have a way to check whether multiple containers belong to the same user today. > > I'm afraid this proposal reduces or eliminates the handshake we have > with userspace between VFIO_DEVICE_GET_PCI_HOT_RESET_INFO and > VFIO_DEVICE_PCI_HOT_RESET, which could promote userspace to ignore the > _INFO ioctl altogether, resulting in drivers that don't understand the > scope of the reset. Is it worth it? What do we really gain? Jason raised the concern whether GET_PCI_HOT_RESET_INFO is actually useful today. It's an interface on opened device. So the tiny difference is whether the user knows the device is resettable when calling GET_INFO or later when actually calling PCI_HOT_RESET. and with this series we also allow reset on affected devices which are not opened. Such dynamic cannot be reflected in static GET_INFO. More suitable a try-and-fail style. > > > diff --git a/include/uapi/linux/vfio.h b/include/uapi/linux/vfio.h > > index d80141969cd1..382d95455f89 100644 > > --- a/include/uapi/linux/vfio.h > > +++ b/include/uapi/linux/vfio.h > > @@ -682,6 +682,11 @@ struct vfio_pci_hot_reset_info { > > * The ownership can be proved by: > > * - An array of group fds > > * - An array of device fds > > + * - A zero-length array > > + * > > + * In the last case all affected devices which are opened by this user > > + * must have been bound to a same iommufd_ctx. This approach is only > > + * available for devices bound to positive iommufd. > > * > > * Return: 0 on success, -errno on failure. > > */ > > There's no introspection that this feature is supported, is that why > containers are not considered? ie. if the host supports vfio cdevs, it > necessarily must support vfio-pci hot reset w/ a zero-length array? > Thanks, > yes. It's more for users who knows that iommufd is used.