From mboxrd@z Thu Jan 1 00:00:00 1970 From: Benjamin Herrenschmidt Date: Mon, 17 Jun 2013 03:56:01 +0000 Subject: Re: [PATCH 3/4] KVM: PPC: Add support for IOMMU in-kernel handling Message-Id: <1371441361.21896.152.camel@pasglop> List-Id: References: <1370412673-1345-1-git-send-email-aik@ozlabs.ru> <1370412673-1345-4-git-send-email-aik@ozlabs.ru> <1371422343.21896.143.camel@pasglop> <1371438800.22681.38.camel@ul30vt.home> In-Reply-To: <1371438800.22681.38.camel@ul30vt.home> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Alex Williamson Cc: Alexey Kardashevskiy , linuxppc-dev@lists.ozlabs.org, David Gibson , Alexander Graf , Paul Mackerras , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, kvm-ppc@vger.kernel.org On Sun, 2013-06-16 at 21:13 -0600, Alex Williamson wrote: > IOMMU groups themselves don't provide security, they're accessed by > interfaces like VFIO, which provide the security. Given a brief look, I > agree, this looks like a possible backdoor. The typical VFIO way to > handle this would be to pass a VFIO file descriptor here to prove that > the process has access to the IOMMU group. This is how /dev/vfio/vfio > gains the ability to setup an IOMMU domain an do mappings with the > SET_CONTAINER ioctl using a group fd. Thanks, How do you envision that in the kernel ? IE. I'm in KVM code, gets that vfio fd, what do I do with it ? Basically, KVM needs to know that the user is allowed to use that iommu group. I don't think we want KVM however to call into VFIO directly right ? Cheers, Ben.