RE: [PATCH v11 19/23] vfio: Add VFIO_DEVICE_BIND_IOMMUFD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> From: Liu, Yi L <yi.l.liu@xxxxxxxxx>
> Sent: Wednesday, May 24, 2023 10:41 AM
> 
> > From: Tian, Kevin <kevin.tian@xxxxxxxxx>
> > Sent: Wednesday, May 24, 2023 10:39 AM
> >
> > > From: Liu, Yi L <yi.l.liu@xxxxxxxxx>
> > > Sent: Wednesday, May 24, 2023 10:21 AM
> > >
> > > > >
> > > > > vfio_device_open_file()
> > > > > {
> > > > > 	dev_warn(device->dev, "vfio-noiommu device opened by user "
> > > > > 		   "(%s:%d)\n", current->comm, task_pid_nr(current));
> > > > > }
> > > >
> > > > There needs to be a taint when VFIO_GROUP is disabled.  Thanks,
> > > I see. I misunderstood you. You are asking for a taint. 😊
> > >
> > > Actually, I've considered it. But it appears to me the taint in
> > > vfio_group_find_or_alloc() is due to vfio allocates fake iommu_group.
> > > This seems to be a taint to kernel. But now, you are suggesting to add
> > > a taint as long as noiommu device is registered to vfio. Is it? If so,
> >
> > taint is required because the kernel is exposed to user DMA attack
> > due to lacking of IOMMU protection.
> >
> > fake iommu_group is just to meet vfio_group requirement.
> 
> Got it. thanks.

Please refer to the proposed change in [1]. The noiommu taint is
moved to the end of __vfio_register_dev() rely on the noiommu
flag set by vfio_device_set_noiommu().

[1] https://lore.kernel.org/kvm/DS0PR11MB752907D211E3703145503A12C3419@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/

Regards,
Yi Liu




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux