From: Jason Gunthorpe <jgg@nvidia.com>
To: "Tian, Kevin" <kevin.tian@intel.com>
Cc: "Liu, Yi L" <yi.l.liu@intel.com>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"yi.y.sun@linux.intel.com" <yi.y.sun@linux.intel.com>,
"mjrosato@linux.ibm.com" <mjrosato@linux.ibm.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"joro@8bytes.org" <joro@8bytes.org>,
"cohuck@redhat.com" <cohuck@redhat.com>,
"Hao, Xudong" <xudong.hao@intel.com>,
"peterx@redhat.com" <peterx@redhat.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"eric.auger@redhat.com" <eric.auger@redhat.com>,
"alex.williamson@redhat.com" <alex.williamson@redhat.com>,
"Xu, Terrence" <terrence.xu@intel.com>,
"nicolinc@nvidia.com" <nicolinc@nvidia.com>,
"shameerali.kolothum.thodi@huawei.com"
<shameerali.kolothum.thodi@huawei.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"intel-gfx@lists.freedesktop.org"
<intel-gfx@lists.freedesktop.org>,
"chao.p.peng@linux.intel.com" <chao.p.peng@linux.intel.com>,
"lulu@redhat.com" <lulu@redhat.com>,
"intel-gvt-dev@lists.freedesktop.org"
<intel-gvt-dev@lists.freedesktop.org>,
"jasowang@redhat.com" <jasowang@redhat.com>
Subject: Re: [PATCH v4 09/19] vfio/pci: Accept device fd for hot reset
Date: Thu, 23 Feb 2023 09:21:49 -0400 [thread overview]
Message-ID: <Y/dobS6gdSkxnPH7@nvidia.com> (raw)
In-Reply-To: <BN9PR11MB52767915B9A5E509BC90E0888CAB9@BN9PR11MB5276.namprd11.prod.outlook.com>
On Thu, Feb 23, 2023 at 07:55:21AM +0000, Tian, Kevin wrote:
> > From: Jason Gunthorpe
> > Sent: Thursday, February 23, 2023 1:18 AM
> >
> > > > static bool vfio_dev_in_groups(struct vfio_pci_core_device *vdev,
> > > > struct vfio_pci_group_info *groups)
> > > > {
> > > > unsigned int i;
> > > >
> > > > for (i = 0; i < groups->count; i++)
> > > > if (vfio_file_has_dev(groups->files[i], &vdev->vdev))
> > > > return true;
> > > > return false;
> > > > }
> > > >
> > > > Presumably when cdev fd is provided above should compare iommu
> > > > group of the fd and that of the vdev. Otherwise it expects the user
> > > > to have full access to every device in the set which is impractical.
> >
> > No, it should check the dev's directly, userspace has to provide every
> > dev in the dev set to do a reset. We should not allow userspace to
> > take a shortcut based on hidden group stuff.
> >
> > The dev set is already unrelated to the groups, and userspace cannot
> > discover the devset, so nothing has changed.
>
> Agree. But I envision there might be a user-visible impact.
>
> Say a scenario where group happens to overlap with devset. Let's say
> two devices in the group/devset.
>
> An existing deployment assigns only dev1 to Qemu. In this case dev1
> is resettable via group fd given dev2 cannot be opened by another
> user.
Oh, that is just because we took a shortcut in this logic and assumed
that if the group is open then all the devices are opened by the same
security domain.
But we can also more clearly state that any closed device is
acceptable for reset and doesn't need to be presented.
So, like this:
if (cur_vma->vdev.open_count &&
!vfio_dev_in_groups(cur_vma, groups) &&
!iommufd_ctx_has_device(iommufd_ctx, &cur_vma->pdev->dev)) {
ret = -EINVAL;
goto err_undo;
}
Jason
next prev parent reply other threads:[~2023-02-23 13:21 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-21 3:47 [PATCH v4 00/19] Add vfio_device cdev for iommufd support Yi Liu
2023-02-21 3:47 ` [PATCH v4 01/19] vfio: Allocate per device file structure Yi Liu
2023-02-21 3:47 ` [PATCH v4 02/19] vfio: Refine vfio file kAPIs Yi Liu
2023-02-21 3:47 ` [PATCH v4 03/19] vfio: Accept vfio device file in the driver facing kAPI Yi Liu
2023-02-22 7:15 ` Tian, Kevin
2023-02-26 12:20 ` Liu, Yi L
2023-02-21 3:47 ` [PATCH v4 04/19] kvm/vfio: Rename kvm_vfio_group to prepare for accepting vfio device fd Yi Liu
2023-02-21 3:47 ` [PATCH v4 05/19] kvm/vfio: Accept vfio device file from userspace Yi Liu
2023-02-22 7:17 ` Tian, Kevin
2023-02-23 10:33 ` Liu, Yi L
2023-02-21 3:47 ` [PATCH v4 06/19] vfio: Pass struct vfio_device_file * to vfio_device_open/close() Yi Liu
2023-02-21 3:48 ` [PATCH v4 07/19] vfio: Block device access via device fd until device is opened Yi Liu
2023-02-22 7:55 ` Yan Zhao
2023-02-22 8:29 ` Liu, Yi L
2023-02-21 3:48 ` [PATCH v4 08/19] vfio/pci: Update comment around group_fd get in vfio_pci_ioctl_pci_hot_reset() Yi Liu
2023-02-22 7:20 ` Tian, Kevin
2023-02-21 3:48 ` [PATCH v4 09/19] vfio/pci: Accept device fd for hot reset Yi Liu
2023-02-22 7:26 ` Tian, Kevin
2023-02-22 13:35 ` Liu, Yi L
2023-02-22 17:17 ` Jason Gunthorpe
2023-02-23 7:55 ` Tian, Kevin
2023-02-23 13:21 ` Jason Gunthorpe [this message]
2023-02-24 2:21 ` Tian, Kevin
2023-02-24 2:36 ` Jason Gunthorpe
2023-02-24 2:48 ` Tian, Kevin
2023-02-24 3:43 ` Liu, Yi L
2023-02-24 3:56 ` Tian, Kevin
2023-02-24 5:09 ` Liu, Yi L
2023-02-24 14:30 ` Jason Gunthorpe
2023-02-26 8:59 ` Liu, Yi L
2023-02-26 23:40 ` Jason Gunthorpe
2023-02-27 2:53 ` Liu, Yi L
2023-02-21 3:48 ` [PATCH v4 10/19] vfio: Add infrastructure for bind_iommufd from userspace Yi Liu
2023-02-21 3:48 ` [PATCH v4 11/19] vfio-iommufd: Add detach_ioas support for physical VFIO devices Yi Liu
2023-02-21 3:48 ` [PATCH v4 12/19] vfio-iommufd: Add detach_ioas for emulated " Yi Liu
2023-02-21 3:48 ` [PATCH v4 13/19] vfio: Add cdev_device_open_cnt to vfio_group Yi Liu
2023-02-22 7:31 ` Tian, Kevin
2023-02-21 3:48 ` [PATCH v4 14/19] vfio: Make vfio_device_open() single open for device cdev path Yi Liu
2023-02-22 7:32 ` Tian, Kevin
2023-02-21 3:48 ` [PATCH v4 15/19] vfio: Add cdev for vfio_device Yi Liu
2023-02-22 7:34 ` Tian, Kevin
2023-02-21 3:48 ` [PATCH v4 16/19] vfio: Add VFIO_DEVICE_BIND_IOMMUFD Yi Liu
2023-02-22 7:39 ` Tian, Kevin
2023-02-22 7:44 ` Liu, Yi L
2023-02-22 7:59 ` Tian, Kevin
2023-02-22 12:59 ` Jason Gunthorpe
2023-02-24 4:58 ` Yan Zhao
2023-02-24 14:31 ` Jason Gunthorpe
2023-02-27 4:46 ` Yan Zhao
2023-02-22 7:53 ` Yan Zhao
2023-02-22 8:28 ` Liu, Yi L
2023-02-21 3:48 ` [PATCH v4 17/19] vfio: Add VFIO_DEVICE_AT[DE]TACH_IOMMUFD_PT Yi Liu
2023-02-22 7:41 ` Tian, Kevin
2023-02-21 3:48 ` [PATCH v4 18/19] vfio: Compile group optionally Yi Liu
2023-02-21 3:48 ` [PATCH v4 19/19] docs: vfio: Add vfio device cdev description Yi Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y/dobS6gdSkxnPH7@nvidia.com \
--to=jgg@nvidia.com \
--cc=alex.williamson@redhat.com \
--cc=chao.p.peng@linux.intel.com \
--cc=cohuck@redhat.com \
--cc=eric.auger@redhat.com \
--cc=intel-gfx@lists.freedesktop.org \
--cc=intel-gvt-dev@lists.freedesktop.org \
--cc=jasowang@redhat.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=mjrosato@linux.ibm.com \
--cc=nicolinc@nvidia.com \
--cc=peterx@redhat.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=terrence.xu@intel.com \
--cc=xudong.hao@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yi.l.liu@intel.com \
--cc=yi.y.sun@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox