Re: [PATCH v6 3/7] iommu: Validate that devices match domains

[Jason Gunthorpe]

On Tue, Nov 21, 2023 at 06:03:59PM +0000, Robin Murphy wrote:
> Before we can allow drivers to coexist, we need to make sure that one
> driver's domain ops can't misinterpret another driver's dev_iommu_priv
> data. To that end, add a token to the domain so we can remember how it
> was allocated - for now this may as well be the device ops, since they
> still correlate 1:1 with drivers. We can trust ourselves for internal
> default domain attachment, so add checks to cover all the public attach
> interfaces.
> 
> Reviewed-by: Lu Baolu <baolu.lu@xxxxxxxxxxxxxxx>
> Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Reviewed-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
> Signed-off-by: Robin Murphy <robin.murphy@xxxxxxx>
> 
> ---
> 
> v4: Cover iommu_attach_device_pasid() as well, and improve robustness
>     against theoretical attempts to attach a noiommu group.
> v6: Cover new iommu_domain_alloc_user() sites as well. I don't entirely
>     dislike the idea of tying this into the domain ops, but I'd rather
>     do the simple thing for now and revisit that in future, since domain
>     ops also deserve some other cleanup.

Looks good

Jason