Re: [RFC] /dev/ioasid uAPI proposal
From: Jason Gunthorpe <jgg@nvidia.com>
Date: 2021-06-03 12:46:13
Also in:
linux-iommu, lkml
From: Jason Gunthorpe <jgg@nvidia.com>
Date: 2021-06-03 12:46:13
Also in:
linux-iommu, lkml
On Thu, Jun 03, 2021 at 04:26:08PM +1000, David Gibson wrote:
quoted
There are global properties in the /dev/iommu FD, like what devices are part of it, that are important for group security operations. This becomes confused if it is split to many FDs.I'm still not seeing those. I'm really not seeing any well-defined meaning to devices being attached to the fd, but not to a particular IOAS.
Kevin can you add a section on how group security would have to work to the RFC? This is the idea you can't attach a device to an IOASID unless all devices in the IOMMU group are joined to the /dev/iommu FD. The basic statement is that userspace must present the entire group membership to /dev/iommu to prove that it has the security right to manipulate their DMA translation. It is the device centric analog to what the group FD is doing for security. Jason