KVM: Remove ability to assign a device without iommu support

This option has no users and it exposes a security hole that we
can allow devices to be assigned without iommu protection. Make
KVM_DEV_ASSIGN_ENABLE_IOMMU a mandatory option.

Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 7945b0b..ee2c96b 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -1151,6 +1151,9 @@
/* Depends on KVM_CAP_IOMMU */
#define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
+The KVM_DEV_ASSIGN_ENABLE_IOMMU flag is a mandatory option to ensure
+isolation of the device. Usages not specifying this flag are deprecated.
+
4.49 KVM_DEASSIGN_PCI_DEVICE
Capability: KVM_CAP_DEVICE_DEASSIGNMENT
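
Review bot: the added paragraph calls KVM_DEV_ASSIGN_ENABLE_IOMMU "mandatory" and then, in the next sentence, calls usages without it "deprecated", which reads as if they still work, while the commit subject says the ability is removed. Suggest stating the behaviour directly: say that a request without the flag is rejected and name the error returned, so userspace authors know what to handle. Since the flag is now required, the existing "/* Depends on KVM_CAP_IOMMU */" comment effectively applies to the whole assignment call, and that is worth saying in this section's text rather than only beside the flag definition.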