On 22.09.25 15:27, Jason Gunthorpe wrote: > On Mon, Sep 22, 2025 at 03:20:49PM +0200, Christian König wrote: > >> At least on AMD GPUs when you want to have a DMA-buf for a specific >> part of the VFs resources then you ask the hypervisor driver >> managing the PF for that and not the VFIO driver. > > Having a UAPI on the PF to give DMABUFs for arbitary VRAM seems > security exciting. I'd probably want to insist the calling process > prove to the PF driver that it also has access to the VF.
Good point. In our use case it's the userspace hypervisor component (running as root) talking to the kernel hypervisor driver and it is only used to collect very specific crash information. > Having the VF create the DMABUF is one way to do that, but I imagine > there are other options. Well how does the guest communicate to the host which parts of the VRAM should be exposed as DMA-buf in the first place? > > But sure, if you can solve, or ignore, the security proof it makes a > lot more sense. I mean what I'm still missing is the whole picture. E.g. what is the reason why you want a DMA-buf of portions of the VFs resource on the host in the first place? Is that for postmortem crash analysis? Providing some kind of service to the guest? Something completely different? Regards, Christian. > > Jason
