Alex Williamson | f621eb1 | 2022-03-15 11:29:57 -0600 | [diff] [blame] | 1 | .. SPDX-License-Identifier: GPL-2.0 |
| 2 | |
| 3 | Acceptance criteria for vfio-pci device specific driver variants |
| 4 | ================================================================ |
| 5 | |
| 6 | Overview |
| 7 | -------- |
| 8 | The vfio-pci driver exists as a device agnostic driver using the |
| 9 | system IOMMU and relying on the robustness of platform fault |
| 10 | handling to provide isolated device access to userspace. While the |
| 11 | vfio-pci driver does include some device specific support, further |
| 12 | extensions for yet more advanced device specific features are not |
| 13 | sustainable. The vfio-pci driver has therefore split out |
| 14 | vfio-pci-core as a library that may be reused to implement features |
| 15 | requiring device specific knowledge, ex. saving and loading device |
| 16 | state for the purposes of supporting migration. |
| 17 | |
| 18 | In support of such features, it's expected that some device specific |
| 19 | variants may interact with parent devices (ex. SR-IOV PF in support of |
| 20 | a user assigned VF) or other extensions that may not be otherwise |
| 21 | accessible via the vfio-pci base driver. Authors of such drivers |
| 22 | should be diligent not to create exploitable interfaces via these |
| 23 | interactions or allow unchecked userspace data to have an effect |
| 24 | beyond the scope of the assigned device. |
| 25 | |
| 26 | New driver submissions are therefore requested to have approval via |
| 27 | sign-off/ack/review/etc for any interactions with parent drivers. |
| 28 | Additionally, drivers should make an attempt to provide sufficient |
| 29 | documentation for reviewers to understand the device specific |
| 30 | extensions, for example in the case of migration data, how is the |
| 31 | device state composed and consumed, which portions are not otherwise |
| 32 | available to the user via vfio-pci, what safeguards exist to validate |
| 33 | the data, etc. To that extent, authors should additionally expect to |
| 34 | require reviews from at least one of the listed reviewers, in addition |
| 35 | to the overall vfio maintainer. |