RE: [RFC] /dev/ioasid uAPI proposal

From: Tian, Kevin
Date: Fri Jun 04 2021 - 02:27:41 EST

Next message: Hongbo Li: "[PATCH v2] crypto: sm2 - fix a memory leak in sm2"
Previous message: Neil Armstrong: "Re: [PATCH] clk: meson: g12a: Add missing NNA source clocks for g12b"
In reply to: Jason Gunthorpe: "Re: [RFC] /dev/ioasid uAPI proposal"
Next in thread: Tian, Kevin: "RE: [RFC] /dev/ioasid uAPI proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Sent: Thursday, June 3, 2021 8:46 PM
>
> On Thu, Jun 03, 2021 at 04:26:08PM +1000, David Gibson wrote:
>
> > > There are global properties in the /dev/iommu FD, like what devices
> > > are part of it, that are important for group security operations. This
> > > becomes confused if it is split to many FDs.
> >
> > I'm still not seeing those. I'm really not seeing any well-defined
> > meaning to devices being attached to the fd, but not to a particular
> > IOAS.
>
> Kevin can you add a section on how group security would have to work
> to the RFC? This is the idea you can't attach a device to an IOASID
> unless all devices in the IOMMU group are joined to the /dev/iommu FD.
>
> The basic statement is that userspace must present the entire group
> membership to /dev/iommu to prove that it has the security right to
> manipulate their DMA translation.
>
> It is the device centric analog to what the group FD is doing for
> security.
>

Yes, will do.

Thanks
Kevin

Next message: Hongbo Li: "[PATCH v2] crypto: sm2 - fix a memory leak in sm2"
Previous message: Neil Armstrong: "Re: [PATCH] clk: meson: g12a: Add missing NNA source clocks for g12b"
In reply to: Jason Gunthorpe: "Re: [RFC] /dev/ioasid uAPI proposal"
Next in thread: Tian, Kevin: "RE: [RFC] /dev/ioasid uAPI proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]