[Intel-gfx] [PATCH v11 19/23] vfio: Add VFIO_DEVICE_BIND_IOMMUFD

Tian, Kevin kevin.tian at intel.com
Wed May 24 02:39:12 UTC 2023


> From: Liu, Yi L <yi.l.liu at intel.com>
> Sent: Wednesday, May 24, 2023 10:21 AM
> 
> > >
> > > vfio_device_open_file()
> > > {
> > > 	dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > 		   "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > }
> >
> > There needs to be a taint when VFIO_GROUP is disabled.  Thanks,
> I see. I misunderstood you. You are asking for a taint. 😊
> 
> Actually, I've considered it. But it appears to me the taint in
> vfio_group_find_or_alloc() is due to vfio allocating a fake iommu_group.
> This seems to be a taint to the kernel. But now, you are suggesting to add
> a taint as long as a noiommu device is registered to vfio. Is it? If so,

A taint is required because the kernel is exposed to user DMA attack
due to the lack of IOMMU protection.

The fake iommu_group is just to meet the vfio_group requirement.

