Jason Gunthorpe
2025-Oct-02 21:04 UTC
[PATCH v2 1/2] rust: pci: skip probing VFs if driver doesn't support VFs
On Thu, Oct 02, 2025 at 09:36:17PM +0200, Danilo Krummrich wrote:> If we want to obtain the driver's private data from a device outside the scope > of bus callbacks, we always need to ensure that the device is guaranteed to be > bound and we also need to prove the type of the private data, since a device > structure can't be generic over its bound driver.pci_iov_get_pf_drvdata() does both of these things - this is what it is for. Please don't open code it :(> > Certain conditions may be workable, some drivers seem to have > > preferences not to call disable, though I think that is wrong :\ > > I fully agree! I was told that this is because apparently some PF drivers are > only loaded to enable SR-IOV and then removed to shrink the potential attack > surface. Personally, I think that's slightly paranoid, if the driver would not > do anything else than enable / disable SR-IOV, but I think we can work around > this use-case if people really want it.I've heard worse reasons than that. If that is the interest I'd suggest they should just use VFIO and leave a userspace stub process.. Jason
Danilo Krummrich
2025-Oct-02 21:14 UTC
[PATCH v2 1/2] rust: pci: skip probing VFs if driver doesn't support VFs
On 10/2/25 11:04 PM, Jason Gunthorpe wrote:> On Thu, Oct 02, 2025 at 09:36:17PM +0200, Danilo Krummrich wrote: >> If we want to obtain the driver's private data from a device outside the scope >> of bus callbacks, we always need to ensure that the device is guaranteed to be >> bound and we also need to prove the type of the private data, since a device >> structure can't be generic over its bound driver. > > pci_iov_get_pf_drvdata() does both of these things - this is what it > is for. Please don't open code it :(It makes no sense to use it, both of those things will be ensured in a more generic way in the base device implementation already (which is what I meant with layering). Both requirements are not specific to PCI, or the specific VF -> PF use-case. In order to guarantee soundness both of those things have to be guaranteed for any access to the driver's private data. I will send some patches soon, I think this will make it obvious. :)>>> Certain conditions may be workable, some drivers seem to have >>> preferences not to call disable, though I think that is wrong :\ >> >> I fully agree! I was told that this is because apparently some PF drivers are >> only loaded to enable SR-IOV and then removed to shrink the potential attack >> surface. Personally, I think that's slightly paranoid, if the driver would not >> do anything else than enable / disable SR-IOV, but I think we can work around >> this use-case if people really want it. > > I've heard worse reasons than that. If that is the interest I'd > suggest they should just use VFIO and leave a userspace stub > process..I'm not sure I follow your proposal, can you elaborate?