• Lu Baolu's avatar
    vfio: Set DMA ownership for VFIO devices · 70693f47
    Lu Baolu authored
    Claim group dma ownership when an IOMMU group is set to a container,
    and release the dma ownership once the iommu group is unset from the
    container.
    
    This change disallows some unsafe bridge drivers to bind to non-ACS
    bridges while devices under them are assigned to user space. This is an
    intentional enhancement and possibly breaks some existing
    configurations. The recommendation to such an affected user would be
    that the previously allowed host bridge driver was unsafe for this use
    case and to continue to enable assignment of devices within that group,
    the driver should be unbound from the bridge device or replaced with the
    pci-stub driver.
    
    For any bridge driver, we consider it unsafe if it satisfies any of the
    following conditions:
    
      1) The bridge driver uses DMA. Calling pci_set_master() or calling any
         kernel DMA API (dma_map_*() and etc.) is an indicate that the
         driver is doing DMA.
    
      2) If the bridge driver uses MMIO, it should be tolerant to hostile
         userspace also touching the same MMIO registers via P2P DMA
         attacks.
    
    If the bridge driver turns out to be a safe one, it could be used as
    before by setting the driver's .driver_managed_dma field, just like what
    we have done in the pcieport driver.
    Signed-off-by: default avatarLu Baolu <baolu.lu@linux.intel.com>
    Reviewed-by: default avatarJason Gunthorpe <jgg@nvidia.com>
    Acked-by: default avatarAlex Williamson <alex.williamson@redhat.com>
    Link: https://lore.kernel.org/r/20220418005000.897664-8-baolu.lu@linux.intel.comSigned-off-by: default avatarJoerg Roedel <jroedel@suse.de>
    70693f47
vfio_platform.c 2.17 KB