Re: [PATCH] intel_iommu: Disable vfio and kvm interrupt assignmentwhen unsafe

[Andy Lutomirski]

On Wed, Feb 6, 2013 at 7:08 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
> We currently report IOMMU_CAP_INTR_REMAP whenever interrupt remapping
> is enabled.  Users of that capability expect it to mean that remapping
> is secure (i.e. compatibility format interrupts are blocked).  Explicitly
> check whether CFIs are blocked and, if not, don't report the capability.

FWIW, I've wanted a feature IOMMU_CAP_SECURE that means that all DMA
and MSI from the domain is secure (i.e. only does what is explicitly
requested via the iommu api).  The current situation is hard to
understand, as evidenced by the iommu type 1 stuff in vfio.  But I
don't even understand what an iommu group is, and I've read a decent
chunk of the code.  But that's not really relevant to this patch.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/