On Wed, Feb 6, 2013 at 7:08 PM, Andy Lutomirski <l...@amacapital.net> wrote: > We currently report IOMMU_CAP_INTR_REMAP whenever interrupt remapping > is enabled. Users of that capability expect it to mean that remapping > is secure (i.e. compatibility format interrupts are blocked). Explicitly > check whether CFIs are blocked and, if not, don't report the capability.
FWIW, I've wanted a feature IOMMU_CAP_SECURE that means that all DMA and MSI from the domain is secure (i.e. only does what is explicitly requested via the iommu api). The current situation is hard to understand, as evidenced by the iommu type 1 stuff in vfio. But I don't even understand what an iommu group is, and I've read a decent chunk of the code. But that's not really relevant to this patch. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
