On Thu, Jun 03, 2021 at 04:26:08PM +1000, David Gibson wrote:

> > There are global properties in the /dev/iommu FD, like what devices
> > are part of it, that are important for group security operations. This
> > becomes confused if it is split to many FDs.
>
> I'm still not seeing those. I'm really not seeing any well-defined
> meaning to devices being attached to the fd, but not to a particular
> IOAS.

Kevin, can you add a section on how group security would have to work
to the RFC?

This is the idea that you can't attach a device to an IOASID unless all
devices in the IOMMU group are joined to the /dev/iommu FD.

The basic statement is that userspace must present the entire group
membership to /dev/iommu to prove that it has the security right to
manipulate their DMA translation.

It is the device centric analog to what the group FD is doing for
security.

Jason