On Mon, Nov 21, 2011 at 03:35:05PM -0800, Chris Wright wrote: > What is the value of a group w/out complete isolation? There is still isolation for DMA. This may be sufficient for non-KVM use-cases like a device driver partially implemented in userspace. There is no no guest then that can attack the host with wrong interrupts. > Is there a practical problem w/ conflating the subtleties above? Same argument as above. It ties the the iommu_group interface to the KVM use case. Another more pratical impact of this patch is that a reboot is required to re-enable iommu-groups. When the check happens in VFIO it is a simple module-reload. Joerg -- AMD Operating System Research Center Advanced Micro Devices GmbH Einsteinring 24 85609 Dornach General Managers: Alberto Bozzo, Andrew Bowd Registration: Dornach, Landkr. Muenchen; Registerger. Muenchen, HRB Nr. 43632 -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
