On 2019/11/21 上午6:07, Alex Williamson wrote:
On Wed, 20 Nov 2019 14:11:08 -0400
Jason Gunthorpe<jgg@xxxxxxxx> wrote:
On Wed, Nov 20, 2019 at 10:28:56AM -0700, Alex Williamson wrote:
Are you objecting the mdev_set_iommu_deivce() stuffs here?
I'm questioning if it fits the vfio PCI device security model, yes.
The mdev IOMMU backing device model is for when an mdev device has
IOMMU based isolation, either via the PCI requester ID or via requester
ID + PASID. For example, an SR-IOV VF may be used by a vendor to
provide IOMMU based translation and isolation, but the VF may not be
complete otherwise to provide a self contained device. It might
require explicit coordination and interaction with the PF driver, ie.
mediation.
In this case the PF does not look to be involved, the ICF kernel
driver is only manipulating registers in the same VF that the vfio
owns the IOMMU for.
The mdev_set_iommu_device() call is probably getting caught up in the
confusion of mdev as it exists today being vfio specific. What I
described in my reply is vfio specific. The vfio iommu backend is
currently the only code that calls mdev_get_iommu_device(), JasonW
doesn't use it in the virtio-mdev code, so this seems like a stray vfio
specific interface that's setup by IFC but never used.
It will be used by userspace driver through vhost-mdev code for having a
correct IOMMU when doing DMA mappings.
Thanks