| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jun 2010 15:53:17 +0200 From: Joerg Roedel <joro@...tes.org> To: Avi Kivity <avi@...hat.com> Cc: "Michael S. Tsirkin" <mst@...hat.com>, Tom Lyon <pugs@...co.com>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, chrisw@...s-sol.org, hjk@...utronix.de, gregkh@...e.de, aafabbri@...co.com, scofeldm@...co.com Subject: Re: [PATCH] VFIO driver: Non-privileged user level PCI drivers On Wed, Jun 02, 2010 at 04:06:21PM +0300, Avi Kivity wrote: > On 06/02/2010 03:50 PM, Joerg Roedel wrote: >> Its by far more unintuitive that a process needs to explicitly bind a >> device to an iommu domain before it can do anything with it. > > I don't really care about the iommu domain. It's a side effect. The > kernel takes care of it. I'm only worried about the API. The proposed memory-map object is nothing else than a userspace abstraction of an iommu-domain. > We have a memory map that is (often) the same for a set of devices. If > you were coding a non-kernel interface, how would you code it? > > struct memory_map; > void memory_map_init(struct memory_map *mm, ...); > struct device; > void device_set_memory_map(struct device *device, struct memory_map *mm); > > or > > struct device; > void device_init_memory_map(struct device *dev, ...); > void device_clone_memory_map(struct device *dev, struct device *other); > > I wouldn't even think of the second one personally. Right, a kernel-interface would be designed the first way. The IOMMU-API is actually designed in this manner. But I still think we should keep it simpler for userspace. >> If its required anyway the binding can happen implicitly. We could >> allow to do a nop 'ioctl(dev1, SHARE, dev1)' to remove the asymmetry. > > It's still special. You define the memory map only for the first > device. You have to make sure dev1 doesn't go away while sharing it. Must be a misunderstanding. In my proposal the domain is not owned by one device. It is owned by all devices that share it and will only vanish if all devices that use it are unbound (which happens when the file descriptor is closed, for example). > so yes, more work, but once you have multiple devices which come and go > dynamically things become simpler. The map object has global lifetime > (you can even construct it if you don't assign any devices), the devices > attach to it, memory hotplug updates the memory map but doesn't touch > devices. I still think a userspace interface should be as simple as possible. But since both ways will work I am not really opposed to Michael's proposal. I just think its overkill for the common non-kvm usecase (a userspace device driver). Joerg -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists