lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 21 Oct 2011 13:55:58 -0600
From:	Alex Williamson <alex.williamson@...hat.com>
To:	joerg.roedel@....com, dwmw2@...radead.org,
	iommu@...ts.linux-foundation.org
Cc:	linux-kernel@...r.kernel.org, chrisw@...hat.com, agraf@...e.de,
	dwg@....ibm.com, scottwood@...escale.com, B08248@...escale.com,
	benh@...nel.crashing.org, alex.williamson@...hat.com
Subject: [PATCH 0/4] iommu: iommu_ops group interface

IOMMUs can't always distiguish transactions from each individual
device in a system.  Sometimes this is by design (such as powerpc
partitionable endpoints), other times by topology (PCIe-to-PCI
bridges masking downstream devices).  We call these sets of
indistinguishable devices "groups".

In order to support secure userspace drivers, like vfio, we need
an interface to expose the device-to-group relationship.  This
allows us to create policies ensuring that userspace controls all
of the devices in the group before allowing individual device
access.

This series implements the iommu_ops API interface and sysfs
interface for exposing groups to userspace.  This also includes
the intel-iommu and amd-iommu backend implementations.  It's
intended that the vfio driver will make use of these interfaces
to support generic device assignment for virtual machines.  See
git://github.com/awilliam/linux-vfio.git (vfio-ng) for a working
example using this interface.

Patches based on Joerg's next branch to support per-bus iommu_ops.

Note the amd-iommu is untested, I'm still working on setting up
an AMD-Vi capable system.  Thanks,

Alex

---

Alex Williamson (4):
      iommu: Add option to group multi-function devices
      amd-iommu: Implement iommu_device_group
      intel-iommu: Implement iommu_device_group
      iommu: Add iommu_device_group callback and iommu_group sysfs entry


 Documentation/kernel-parameters.txt |    4 ++
 arch/ia64/include/asm/iommu.h       |    2 +
 arch/ia64/kernel/pci-dma.c          |    1 +
 arch/x86/include/asm/iommu.h        |    1 +
 arch/x86/kernel/pci-dma.c           |   11 ++++++
 drivers/iommu/amd_iommu.c           |   21 ++++++++++++
 drivers/iommu/intel-iommu.c         |   47 +++++++++++++++++++++++++++
 drivers/iommu/iommu.c               |   61 +++++++++++++++++++++++++++++++++++
 include/linux/iommu.h               |    7 ++++
 9 files changed, 154 insertions(+), 1 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ