RE: [PATCH v11 19/23] vfio: Add VFIO_DEVICE_BIND_IOMMUFD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Liu, Yi L <yi.l.liu@xxxxxxxxx>
> Sent: Wednesday, May 24, 2023 10:21 AM
> 
> > >
> > > vfio_device_open_file()
> > > {
> > > 	dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > 		   "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > }
> >
> > There needs to be a taint when VFIO_GROUP is disabled.  Thanks,
> I see. I misunderstood you. You are asking for a taint. 😊
> 
> Actually, I've considered it. But it appears to me the taint in
> vfio_group_find_or_alloc() is due to vfio allocates fake iommu_group.
> This seems to be a taint to kernel. But now, you are suggesting to add
> a taint as long as noiommu device is registered to vfio. Is it? If so,

taint is required because the kernel is exposed to user DMA attack
due to lacking of IOMMU protection.

fake iommu_group is just to meet vfio_group requirement.




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux