> From: Jason Gunthorpe <j...@nvidia.com> > Sent: Monday, October 28, 2024 10:17 PM > > > > to > > > a Context Table. This virt_id helps IOMMU drivers to link the vID to a pID > > > of the device against the physical IOMMU instance. This is essential for a > > > vIOMMU-based invalidation, where the request contains a device's vID > for a > > > device cache flush, e.g. ATC invalidation. > > > > probably connect this to vCMDQ passthrough? otherwise for sw-based > > invalidation the userspace can always replace vID with pID before > > submitting the request. > > You can't just do that, the ID in the invalidation command has to be > validated by the kernel.
sure the ID must be validated to match the iommufd_device but not exactly going through a vID indirectly. > > At that point you may as well just use the vID instead of inventing a > new means to validate raw pIDs. w/o VCMDQ stuff validating raw pID sounds the natural way while vID is more like a new means and not mandatory. I'm fine with this design but just didn't feel the above description is accurate.
