On 24/12/2015 15:51, Alex Williamson wrote:
> No.  A privileged entity needs to grant a user ownership of a group and
> sufficient locked memory limits to make it useful, but then use of the
> group does not require root permission.

So we're thinking how we can force the VFs in these cases to be in the same
IOMMU group with the PF, and make sure it is vfio-pci that probes them. We
thought about the following:

We could add a flag to pci_dev->dev_flags on the PF, that says that the PF's
VFs must be in the same IOMMU group with it. Modify
iommu_group_get_for_pci_dev() so that it will return the PF's group for VFs
whose PF has that flag set.

In the vfio_group_nb_add_dev() function, set driver_override to "vfio-pci" for
PCI devices that are added to a live group. That would prevent the host from
probing these devices with the default driver.

What do you think?

Regards,
Haggai and Ilya