Re: [RFC PATCH 10/10] vfio/type1: Register device notifier

From: Christoph Hellwig
Date: Fri Feb 26 2021 - 00:48:14 EST


On Mon, Feb 22, 2021 at 01:55:23PM -0400, Jason Gunthorpe wrote:
> > +static bool strict_mmio_maps = true;
> > +module_param_named(strict_mmio_maps, strict_mmio_maps, bool, 0644);
> > +MODULE_PARM_DESC(strict_mmio_maps,
> > + "Restrict to safe DMA mappings of device memory (true).");
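
Review bot: The 0644 mode on the module_param_named() line makes strict_mmio_maps writable by root through sysfs after the module is loaded, so the restriction can be switched off at runtime, not only at load time. If the knob is kept at all, 0444 would limit it to a load-time choice. The MODULE_PARM_DESC text should also say what setting it to false permits, since "(true)" only documents the default. Minor style point: both names passed to module_param_named() are identical, so plain module_param(strict_mmio_maps, bool, ...) would do.
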
>
> I think this should be a kconfig, historically we've required kconfig
> to opt-in to unsafe things that could violate kernel security. Someone
> building a secure boot trusted kernel system should not have an
> option for userspace to just turn off protections.

Agreed, but I'd go one step further: Why should we allow the unsafe
mode at all?