From mboxrd@z Thu Jan  1 00:00:00 1970
From: Avi Kivity <avi@redhat.com>
Subject: Re: [PATCH] VFIO driver: Non-privileged user level PCI drivers
Date: Sun, 30 May 2010 16:13:59 +0300
Message-ID: <4C026497.8070901@redhat.com>
References: <4c004cba.Z/2Hpd7reetFaFC5%pugs@cisco.com> <20100530121944.GH27611@redhat.com> <4C025999.7080706@redhat.com> <20100530124949.GI27611@redhat.com> <4C0261C1.9090204@redhat.com> <20100530130332.GM27611@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Tom Lyon <pugs@cisco.com>, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, chrisw@sous-sol.org, joro@8bytes.org,
	hjk@linutronix.de, gregkh@suse.de, aafabbri@cisco.com,
	scofeldm@cisco.com
To: "Michael S. Tsirkin" <mst@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:47120 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752529Ab0E3NOK (ORCPT <rfc822;kvm@vger.kernel.org>);
	Sun, 30 May 2010 09:14:10 -0400
In-Reply-To: <20100530130332.GM27611@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On 05/30/2010 04:03 PM, Michael S. Tsirkin wrote:
>
>    
>>>>> IMO this was because this driver does two things: programming iommu and
>>>>> handling interrupts. uio does interrupt handling.
>>>>> We could have moved iommu / DMA programming to
>>>>> a separate driver, and have uio work with it.
>>>>> This would solve limitation of the current driver
>>>>> that is needs an iommu domain per device.
>>>>>
>>>>>
>>>>>            
>>>> How do we enforce security then?  We need to ensure that unprivileged
>>>> users can only use the device with an iommu.
>>>>
>>>>          
>>> Force assigning to iommu before we allow any other operation?
>>>
>>>        
>> That means the driver must be aware of the iommu.
>>      
> The userspace driver? Yes. And It is a good thing to be explicit
> there anyway, since this lets userspace map a non-contigious
> virtual address list into a contiguous bus address range.
>    

No, the kernel driver.  It cannot allow userspace to enable bus 
mastering unless it knows the iommu is enabled for the device and remaps 
dma to user pages.


-- 
error compiling committee.c: too many arguments to function