Re: [PATCH] iommu: Include MSI susceptibility to DMA in creatingiommu groups
From: Joerg Roedel
Date: Wed Nov 23 2011 - 05:56:24 EST
On Mon, Nov 21, 2011 at 03:35:05PM -0800, Chris Wright wrote:
> What is the value of a group w/out complete isolation?
There is still isolation for DMA. This may be sufficient for non-KVM
use-cases like a device driver partially implemented in userspace. There
is no no guest then that can attack the host with wrong interrupts.
> Is there a practical problem w/ conflating the subtleties above?
Same argument as above. It ties the the iommu_group interface to the KVM
use case. Another more pratical impact of this patch is that a reboot is
required to re-enable iommu-groups. When the check happens in VFIO it is
a simple module-reload.
Joerg
--
AMD Operating System Research Center
Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach
General Managers: Alberto Bozzo, Andrew Bowd
Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/