On Fri, Oct 30, 2015 at 11:32:06AM +0100, Arnd Bergmann wrote:
> I wonder if the 'iommu=force' attribute is too coarse-grained though,
> and if we should perhaps allow a per-device setting on architectures
> that allow this.

Yeah, definitely. Currently we only have iommu=pt to enable pass-through
mode for _all_ devices. I think it makes sense to introduce a per-device
opt-in for pass-through, but have it configured by the user and not by
the device driver.

If the user enables the IOMMU in his system, he expects to be secure
against DMA attacks. If drivers could opt out, every protection would be
voided.

Joerg