kvm/vfio: Remove vfio_group from kvm
author Jason Gunthorpe <jgg@nvidia.com>
Wed, 4 May 2022 19:14:45 +0000 (16:14 -0300)
committer Alex Williamson <alex.williamson@redhat.com>
Fri, 13 May 2022 16:14:20 +0000 (10:14 -0600)
commit 3e5449d5f954f537522906dfcb6a76e2b035521f
tree aa2419991cf9350a29dbb1c03f18eee3834541db
parent ba70a89f3c2a8279809ea0fc7684857c91938b8a

None of the VFIO APIs take in the vfio_group anymore, so we can remove it
completely.

This has a subtle side effect on the enforced coherency tracking. The
vfio_group_get_external_user() was holding on to the container_users which
would prevent the iommu_domain and thus the enforced coherency value from
changing while the group is registered with kvm.

It changes the security proof slightly into 'user must hold a group FD
that has a device that cannot enforce DMA coherence'. As opening the group
FD, not attaching the container, is the privileged operation, this doesn't
change the security properties much.

On the flip side it paves the way to changing the iommu_domain/container
attached to a group at runtime which is something that will be required to
support nested translation.

Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Link: https://lore.kernel.org/r/7-v3-f7729924a7ea+25e33-vfio_kvm_no_group_jgg@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
virt/kvm/vfio.c