On Thu, May 14, 2020 at 10:52:09AM -0600, Alex Williamson wrote: > vfio_unregister_iommu_driver(&vfio_noiommu_ops); > diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c > index 62ba6bd8a486..8d6286d89230 100644 > +++ b/drivers/vfio/vfio_iommu_type1.c > @@ -61,6 +61,11 @@ module_param_named(dma_entry_limit, dma_entry_limit, uint, 0644); > MODULE_PARM_DESC(dma_entry_limit, > "Maximum number of user DMA mappings per container (65535)."); > > +static bool strict_mmio_maps = true; > +module_param_named(strict_mmio_maps, strict_mmio_maps, bool, 0644); > +MODULE_PARM_DESC(strict_mmio_maps, > + "Restrict DMA mappings of MMIO to those provided by vfio bus drivers supporting invalidation (true)."); > + This should probably explain that 'false' allows some kind of security issue and maybe taint the kernel? Do you think there is a reason to have this anyhow? Jason
