On Tue, Mar 21, 2023 at 02:31:22PM -0600, Alex Williamson wrote: > This just seems like nit-picking that the API could have accomplished > this more concisely. Probably that's true, but I think you've > identified a gap above that amplifies the issue. If the user cannot > map BDFs to cdevs because the cdevs are passed as open fds to the user > driver, the _INFO results become meaningless and by removing the fds > array, that becomes the obvious choice that a user presented with this > dilemma would take. We're skipping past easier to misuse, difficult to > use correctly, and circling around no obvious way to use correctly. No - this just isn't finished yet is all it means :( I just noticed it just now, presumably Eric would have discovered this when he tried to implement the FD pass and we would have made a new _INFO at that point (or more ugly, have libvirt pass the BDF along with the FD). > Unfortunately the _INFO ioctl does presume that userspace knows the BDF > to device mappings today, so if we are attempting to pre-enable a case > with cdev support where that is not the case, then there must be > something done with the _INFO ioctl to provide scope. Yes, something is required with _INFO before libvirt can use a FD pass. I'm thinking of a new _INFO query that returns the iommufd dev_ids for the reset group. Then qemu can match the dev_ids back to cdev FDs and thus vPCI devices and do what it needs to do. But for the current qemu setup it will open cdev directly and it will know the BDF so it can still use the current _INFO. Though it would be nice if qemu didn't need two implementations so Yi I'd rather see a new info in this series as well and qemu can just consistently use dev_id and never bdf in iommufd mode. Anyhow, I don't see the two topics as really related, the intention is not to discourage people from calling _INFO, it just to make the security proof simpler and more logical. Jason