On Mon, Nov 15, 2021 at 10:05:42AM +0800, Lu Baolu wrote:
> From the perspective of who is initiating the device to do DMA, device
> DMA could be divided into the following types:
>
>         DMA_OWNER_KERNEL: kernel device driver intiates the DMA
>         DMA_OWNER_USER: userspace device driver intiates the DMA

s/intiates/initiates/ (twice)

As your first sentence suggests, the driver doesn't actually
*initiate* the DMA in either case.  One of the drivers programs the
device, and the *device* initiates the DMA.

> DMA_OWNER_KERNEL and DMA_OWNER_USER are exclusive for all devices in
> same iommu group as an iommu group is the smallest granularity of device
> isolation and protection that the IOMMU subsystem can guarantee.

I think this basically says DMA_OWNER_KERNEL and DMA_OWNER_USER are
attributes of the iommu_group (not an individual device), and it
applies to all devices in the iommu_group.  Below, you allude to the
fact that the interfaces are per-device.  It's not clear to me why you
made a per-device interface instead of a per-group interface.

> This
> extends the iommu core to enforce this exclusion when devices are
> assigned to userspace.
>
> Basically two new interfaces are provided:
>
>         int iommu_device_set_dma_owner(struct device *dev,
>                 enum iommu_dma_owner mode, struct file *user_file);
>         void iommu_device_release_dma_owner(struct device *dev,
>                 enum iommu_dma_owner mode);
>
> Although above interfaces are per-device, DMA owner is tracked per group
> under the hood. An iommu group cannot have both DMA_OWNER_KERNEL
> and DMA_OWNER_USER set at the same time. Violation of this assumption
> fails iommu_device_set_dma_owner().
>
> Kernel driver which does DMA have DMA_OWNER_KENREL automatically
> set/released in the driver binding process (see next patch).

s/DMA_OWNER_KENREL/DMA_OWNER_KERNEL/

> Kernel driver which doesn't do DMA should not set the owner type (via a
> new suppress flag in next patch). Device bound to such driver is considered
> same as a driver-less device which is compatible to all owner types.
>
> Userspace driver framework (e.g. vfio) should set DMA_OWNER_USER for
> a device before the userspace is allowed to access it, plus a fd pointer to
> mark the user identity so a single group cannot be operated by multiple
> users simultaneously. Vice versa, the owner type should be released after
> the user access permission is withdrawn.