RE: [RFC PATCH] iommufd: Destroy vdevice on device unbind

From: Tian, Kevin
Date: Mon Jun 16 2025 - 01:38:28 EST

Next message: Christoph Hellwig: "Re: [PATCH 01/10] block: introduce BLK_FEAT_WRITE_ZEROES_UNMAP to queue limits features"
Previous message: Manivannan Sadhasivam: "[PATCH v3] PCI/pwrctrl: Move pci_pwrctrl_create_device() definition to drivers/pci/pwrctrl/"
In reply to: Aneesh Kumar K . V: "Re: [RFC PATCH] iommufd: Destroy vdevice on device unbind"
Next in thread: Jason Gunthorpe: "Re: [RFC PATCH] iommufd: Destroy vdevice on device unbind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: Aneesh Kumar K.V <aneesh.kumar@xxxxxxxxxx>
> Sent: Monday, June 16, 2025 12:29 PM
>
> Jason Gunthorpe <jgg@xxxxxxxx> writes:
>
> > On Fri, Jun 13, 2025 at 07:31:48AM +0000, Tian, Kevin wrote:
> >> yeah that seems to be the option if the said life-cycle dependency
> >> cannot be removed...
> >>
> >> conceptually it's still a bit unclean as the user needs to know that
> >> the vdevice object is special after idevice is unbound i.e. it can only
> >> be destroyed instead of supporting any other kind of operations.
> >
> > I would say userspace is somewhat malfunctioning if it destroys vfio
> > before the vdevice. So the main aim here should be to contain the
> > resulting mess, but still expect userspace to destroy the vdevice
> > without a failure.
> >
>
> The destruction of the vdevice is triggered by the .release method of
> the iommufd file operations(iommufd_fops_release())

or by Ioctl(IOMMU_DESTROY)

>
> and the destruction of the idevice is driven by the .release method of
> vfio cdev.
>
> vfio_device_fops_release()
> → vfio_df_device_last_close()
> → vfio_iommufd_physical_unbind()
> → iommufd_device_unbind()
>
> The vfio subsystem also retains a reference to the iommufd file descriptor
> through:
>
> vfio_df_ioctl_bind_iommufd()
> → iommufd_ctx_from_fd()
>
> This reference prevents the vdevice from being destroyed while the idevice
> remains bound.
>
> So, IIUC, the current destruction flow is: first destroy vfio, and then destroy
> the vdevice?
>

the above flow is about the userspace exiting abnormally then
the refcounting between FDs decides the destruction flow. At that
point the iommufd objects are not userspace-accessible.

the expected destruction flow from userspace is to IOMMU_DESTROY
the vdevice object before closing the vfio cdev fd which unbinds the
idevice.

now we are discussing how to handle a malfunction userspace which
violates that flow: let it be or add a tomestone state, after extending
unbind to destroy the vdevice...

Next message: Christoph Hellwig: "Re: [PATCH 01/10] block: introduce BLK_FEAT_WRITE_ZEROES_UNMAP to queue limits features"
Previous message: Manivannan Sadhasivam: "[PATCH v3] PCI/pwrctrl: Move pci_pwrctrl_create_device() definition to drivers/pci/pwrctrl/"
In reply to: Aneesh Kumar K . V: "Re: [RFC PATCH] iommufd: Destroy vdevice on device unbind"
Next in thread: Jason Gunthorpe: "Re: [RFC PATCH] iommufd: Destroy vdevice on device unbind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]