[Intel-gfx] [PATCH v11 19/23] vfio: Add VFIO_DEVICE_BIND_IOMMUFD
Liu, Yi L
yi.l.liu at intel.com
Wed May 24 02:40:30 UTC 2023
> From: Tian, Kevin <kevin.tian at intel.com>
> Sent: Wednesday, May 24, 2023 10:39 AM
>
> > From: Liu, Yi L <yi.l.liu at intel.com>
> > Sent: Wednesday, May 24, 2023 10:21 AM
> >
> > > >
> > > > vfio_device_open_file()
> > > > {
> > > >     dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > >              "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > > }
> > >
> > > There needs to be a taint when VFIO_GROUP is disabled. Thanks,
> > I see. I misunderstood you. You are asking for a taint. 😊
> >
> > Actually, I've considered it. But it appears to me the taint in
> > vfio_group_find_or_alloc() is due to vfio allocating a fake iommu_group.
> > This seems to be a taint to the kernel. But now, you are suggesting to add
> > a taint as long as a noiommu device is registered to vfio. Is it? If so,
>
> taint is required because the kernel is exposed to user DMA attack
> due to the lack of IOMMU protection.
>
> fake iommu_group is just to meet vfio_group requirement.
Got it. Thanks.
Regards,
Yi Liu