[PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling
Benjamin Herrenschmidt
benh at kernel.crashing.org
Mon Jun 17 13:56:01 EST 2013
On Sun, 2013-06-16 at 21:13 -0600, Alex Williamson wrote:
> IOMMU groups themselves don't provide security, they're accessed by
> interfaces like VFIO, which provide the security. Given a brief look, I
> agree, this looks like a possible backdoor. The typical VFIO way to
> handle this would be to pass a VFIO file descriptor here to prove that
> the process has access to the IOMMU group. This is how /dev/vfio/vfio
> gains the ability to setup an IOMMU domain an do mappings with the
> SET_CONTAINER ioctl using a group fd. Thanks,
How do you envision that in the kernel ? IE. I'm in KVM code, gets that
vfio fd, what do I do with it ?
Basically, KVM needs to know that the user is allowed to use that iommu
group. I don't think we want KVM however to call into VFIO directly
right ?
Cheers,
Ben.
More information about the Linuxppc-dev
mailing list