From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jason Gunthorpe <jgg@nvidia.com>
Date: Mon, 11 Jul 2022 18:46:37 +0000
Subject: Re: [PATCH kernel] powerpc/iommu: Add iommu_ops to report capabilities and allow blocking domains
Message-Id: <YsxwDTBLxyo5W3uQ@nvidia.com>
List-Id: <kvm-ppc.vger.kernel.org>
References: <20220707135552.3688927-1-aik@ozlabs.ru>
 <20220707151002.GB1705032@nvidia.com>
 <bb8f4c93-6cbc-0106-d4c1-1f3c0751fbba@ozlabs.ru>
 <bbe29694-66a3-275b-5a79-71237ad7388f@ozlabs.ru>
 <20220708115522.GD1705032@nvidia.com>
 <8329c51a-601e-0d93-41b4-2eb8524c9bcb@ozlabs.ru>
 <Yspx307fxRXT67XG@nvidia.com>
 <861e8bd1-9f04-2323-9b39-d1b46bf99711@ozlabs.ru>
 <64bc8c04-2162-2e4b-6556-03b9dde051e2@ozlabs.ru>
In-Reply-To: <64bc8c04-2162-2e4b-6556-03b9dde051e2@ozlabs.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: linuxppc-dev@lists.ozlabs.org, Robin Murphy <robin.murphy@arm.com>, Michael Ellerman <mpe@ellerman.id.au>, Joerg Roedel <jroedel@suse.de>, Joel Stanley <joel@jms.id.au>, Alex Williamson <alex.williamson@redhat.com>, Oliver O'Halloran <oohall@gmail.com>, kvm-ppc@vger.kernel.org, kvm@vger.kernel.org, Daniel Henrique Barboza <danielhb413@gmail.com>, Fabiano Rosas <farosas@linux.ibm.com>, Murilo Opsfelder Araujo <muriloo@linux.ibm.com>, Nicholas Piggin <npiggin@gmail.com>, David Gibson <david@gibson.dropbear.id.au>

On Mon, Jul 11, 2022 at 11:24:32PM +1000, Alexey Kardashevskiy wrote:

> I really think that for 5.19 we should really move this blocked domain
> business to Type1 like this:
> 
> https://github.com/aik/linux/commit/96f80c8db03b181398ad355f6f90e574c3ada4bf

This creates the same security bug for power we are discussing here. If you
don't want to fix it then lets just merge this iommu_ops patch as is rather than
mangle the core code.

Jason