> Would you be open to an in-between? The exporter and importer both > have information that should not leak into each other's drivers. > > What if the dmabuf mapping type core code was the only thing that had > access to *BOTH*? The exporter provides the address data, the importer > provides the iommu_domain. The core code, and only the core code, has > both and does the required operation?
I think that may not work for KVM. On IOMMU side, IOMMUFD acts as the address space (iova) manager and dma_api/IOMMU driver acts as the actual page table mapper. But for KVM, it is both. KVM doesn't allow another component to provide an unknown address space (GPA space) and say "map it", so doesn't expose to other components about "KVM domain". Even if we expose "KVM domain", KVM still acts as the importer and the mapper, is it wierd to say we trust KVM-the-mapper, but don't trust KVM-the-as-manager? Is it also wierd that we trust IOMMU-the-mapper, but don't trust IOMMUFD-the-as-manager? There are more IOMMU drivers than IOMMUFD...
