On Fri, Feb 18, 2022 at 08:55:10AM +0800, Lu Baolu wrote: > Hi folks, > > The iommu group is the minimal isolation boundary for DMA. Devices in > a group can access each other's MMIO registers via peer to peer DMA > and also need share the same I/O address space. > > Once the I/O address space is assigned to user control it is no longer > available to the dma_map* API, which effectively makes the DMA API > non-working. > > Second, userspace can use DMA initiated by a device that it controls > to access the MMIO spaces of other devices in the group. This allows > userspace to indirectly attack any kernel owned device and it's driver. This series has changed quite a lot since v1 - but I couldn't spot anything wrong with this. It is a small incremental step and I think it is fine now, so Reviewed-by: Jason Gunthorpe <jgg@xxxxxxxxxx> I hope you continue to work on the "Scrap iommu_attach/detach_group() interfaces" series and try to minimize all the special places testing against the default domain Thanks, Jason