On Mon, May 10, 2021 at 06:25:08AM -0700, Jacob Pan wrote: > The mm parameter in iommu_sva_bind_device() is intended for privileged > process perform bind() on behalf of other processes. This use case has > yet to be materialized, let alone potential security implications of > adding kernel hooks without explicit user consent. > In addition, with the agreement that IOASID allocation shall be subject > cgroup limit. It will be inline with misc cgroup proposal if IOASID > allocation as part of the SVA bind is limited to the current task. > > Link: > https://lore.kernel.org/linux-iommu/20210303160205.151d114e@jacob-builder/ > Link: https://lore.kernel.org/linux-iommu/YFhiMLR35WWMW%2FHu@myrica/ > Signed-off-by: Jacob Pan <[email protected]>
I'm not particularly enthusiastic about this change, because restoring the mm parameter will be difficult after IOMMU drivers start assuming everything is on current. Regardless, it looks correct and makes my life easier (and lightens my test suite quite a bit). Reviewed-by: Jean-Philippe Brucker <[email protected]> _______________________________________________ iommu mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/iommu
