Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs

From: Jason Gunthorpe
Date: Tue May 25 2021 - 15:53:06 EST

Next message: Guenter Roeck: "Re: [PATCH 2/3] watchdog: Add Mstar MSC313e WDT driver"
Previous message: Guenter Roeck: "Re: [PATCH 2/3] watchdog: Add Mstar MSC313e WDT driver"
In reply to: Kirti Wankhede: "Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs"
Next in thread: Kirti Wankhede: "Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 26, 2021 at 12:56:30AM +0530, Kirti Wankhede wrote:

> 2. iommu backed mdev devices for SRIOV where mdev device is created per
> VF (mdev device == VF device) then that mdev device has same iommu
> protection scope as VF associated to it.

This doesn't require, and certainly shouldn't create, a fake group.

Only the VF's real IOMMU group should be used to model an iommu domain
linked to a VF. Injecting fake groups that are proxies for real groups
only opens the possibility of security problems like David is
concerned with.

Max's series approaches this properly by fully linking the struct
pci_device of the VF throughout the entire VFIO scheme, including the
group and container, while still allowing override of various VFIO
operations.

Jason

Next message: Guenter Roeck: "Re: [PATCH 2/3] watchdog: Add Mstar MSC313e WDT driver"
Previous message: Guenter Roeck: "Re: [PATCH 2/3] watchdog: Add Mstar MSC313e WDT driver"
In reply to: Kirti Wankhede: "Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs"
Next in thread: Kirti Wankhede: "Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]