> From: Tian, Kevin <kevin.tian@xxxxxxxxx>
> Sent: Wednesday, May 24, 2023 10:39 AM
>
> > From: Liu, Yi L <yi.l.liu@xxxxxxxxx>
> > Sent: Wednesday, May 24, 2023 10:21 AM
> >
> > > >
> > > > vfio_device_open_file()
> > > > {
> > > > dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > > "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > > }
> > >
> > > There needs to be a taint when VFIO_GROUP is disabled. Thanks,
> > I see. I misunderstood you. You are asking for a taint. 😊
> >
> > Actually, I've considered it. But it appears to me the taint in
> > vfio_group_find_or_alloc() is due to vfio allocates fake iommu_group.
> > This seems to be a taint to kernel. But now, you are suggesting to add
> > a taint as long as noiommu device is registered to vfio. Is it? If so,
>
> taint is required because the kernel is exposed to user DMA attack
> due to lacking of IOMMU protection.
>
> fake iommu_group is just to meet vfio_group requirement.
Got it. thanks.
Regards,
Yi Liu
