[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [vfio-users] DMA restriction in VM's?



On Thu, 13 Apr 2017 19:58:05 -0400
"Taiidan gmx com" <Taiidan gmx com> wrote:

> Do VM's receive IOMMU protection or is that only for the VMM? to prevent 
> unauthorized peer>peer DMA and of course device>host DMA.

The VM itself is isolated with the IOMMU by default, devices within the
VM can only DMA to guest memory.  We do configure translations to allow
peer-to-peer for devices assigned to the same VM, but whether this
actually works depends on the hardware support.  There is emulated VT-d
support for vfio under development which will probably enter QEMU after
the 2.9 release.  This will isolate individual devices within the VM,
but there's a pretty significant performance cost in the DMA mapping
and unmapping path for dynamic DMA mapping within the VM.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]