* Joerg Roedel (joerg.roedel@xxxxxxx) wrote: > On Mon, Nov 21, 2011 at 03:35:05PM -0800, Chris Wright wrote: > > > What is the value of a group w/out complete isolation? > > There is still isolation for DMA. This may be sufficient for non-KVM > use-cases like a device driver partially implemented in userspace. There > is no no guest then that can attack the host with wrong interrupts. There is a userspace process that could though. I think I'm missing the distinction. In either case there is unprivileged code that could program the hw to generate PCI write transactions that negatively effect the system. > > Is there a practical problem w/ conflating the subtleties above? > > Same argument as above. It ties the the iommu_group interface to the KVM > use case. I don't agree that it's the KVM use case. It's the unprivileged code owning a device use case. The promise of SR-IOV + IOMMU + PASID shows hw is trying to go there. > Another more pratical impact of this patch is that a reboot is > required to re-enable iommu-groups. When the check happens in VFIO it is > a simple module-reload. I suppose, however iommu itself is managed via kernel cmdline and reboot... I guess we agree that we need to be able to give the user some way of managing the risk they're willing to take, and just not on where the flag should go? thanks, -chris -- To unsubscribe from this list: send the line "unsubscribe linux-pci" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
