Re: [RFC] /dev/ioasid uAPI proposal
From: Jason Gunthorpe
Date: Thu Jun 03 2021 - 08:46:13 EST
On Thu, Jun 03, 2021 at 04:26:08PM +1000, David Gibson wrote:
> > There are global properties in the /dev/iommu FD, like what devices
> > are part of it, that are important for group security operations. This
> > becomes confused if it is split to many FDs.
>
> I'm still not seeing those. I'm really not seeing any well-defined
> meaning to devices being attached to the fd, but not to a particular
> IOAS.
Kevin can you add a section on how group security would have to work
to the RFC? This is the idea you can't attach a device to an IOASID
unless all devices in the IOMMU group are joined to the /dev/iommu FD.
The basic statement is that userspace must present the entire group
membership to /dev/iommu to prove that it has the security right to
manipulate their DMA translation.
It is the device centric analog to what the group FD is doing for
security.
Jason