On 2/18/22 11:51 PM, Jason Gunthorpe wrote:
On Fri, Feb 18, 2022 at 08:55:10AM +0800, Lu Baolu wrote:
Hi folks,
The iommu group is the minimal isolation boundary for DMA. Devices in
a group can access each other's MMIO registers via peer to peer DMA
and also need share the same I/O address space.
Once the I/O address space is assigned to user control it is no longer
available to the dma_map* API, which effectively makes the DMA API
non-working.
Second, userspace can use DMA initiated by a device that it controls
to access the MMIO spaces of other devices in the group. This allows
userspace to indirectly attack any kernel owned device and it's driver.
This series has changed quite a lot since v1 - but I couldn't spot
anything wrong with this. It is a small incremental step and I think
it is fine now, so
Reviewed-by: Jason Gunthorpe<jgg@xxxxxxxxxx>
I hope you continue to work on the "Scrap iommu_attach/detach_group()
interfaces" series and try to minimize all the special places testing
against the default domain
Sure.
Best regards,
baolu