On Sun, May 30, 2010 at 03:27:05PM +0300, Avi Kivity wrote:
On 05/30/2010 03:19 PM, Michael S. Tsirkin wrote:Force assigning to iommu before we allow any other operation?
On Fri, May 28, 2010 at 04:07:38PM -0700, Tom Lyon wrote:How do we enforce security then? We need to ensure that unprivileged
The VFIO "driver" is used to allow privileged AND non-privileged processes toIMO this was because this driver does two things: programming iommu and
implement user-level device drivers for any well-behaved PCI, PCI-X, and PCIe
devices.
Signed-off-by: Tom Lyon<pugs@xxxxxxxxx>
---
This patch is the evolution of code which was first proposed as a patch to
uio/uio_pci_generic, then as a more generic uio patch. Now it is taken entirely
out of the uio framework, and things seem much cleaner. Of course, there is
a lot of functional overlap with uio, but the previous version just seemed
like a giant mode switch in the uio code that did not lead to clarity for
either the new or old code.
handling interrupts. uio does interrupt handling.
We could have moved iommu / DMA programming to
a separate driver, and have uio work with it.
This would solve limitation of the current driver
that is needs an iommu domain per device.
users can only use the device with an iommu.