RE: [PATCH v11 19/23] vfio: Add VFIO_DEVICE_BIND_IOMMUFD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Tian, Kevin <kevin.tian@xxxxxxxxx>
> Sent: Wednesday, May 24, 2023 10:39 AM
> 
> > From: Liu, Yi L <yi.l.liu@xxxxxxxxx>
> > Sent: Wednesday, May 24, 2023 10:21 AM
> >
> > > >
> > > > vfio_device_open_file()
> > > > {
> > > > 	dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > > 		   "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > > }
> > >
> > > There needs to be a taint when VFIO_GROUP is disabled.  Thanks,
> > I see. I misunderstood you. You are asking for a taint. 😊
> >
> > Actually, I've considered it. But it appears to me the taint in
> > vfio_group_find_or_alloc() is due to vfio allocates fake iommu_group.
> > This seems to be a taint to kernel. But now, you are suggesting to add
> > a taint as long as noiommu device is registered to vfio. Is it? If so,
> 
> taint is required because the kernel is exposed to user DMA attack
> due to lacking of IOMMU protection.
> 
> fake iommu_group is just to meet vfio_group requirement.

Got it. thanks.

Regards,
Yi Liu




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux