On Sat, Jun 29, 2019 at 12:17:22AM +0200, Paolo Bonzini wrote: > On 28/06/19 16:06, Michael S. Tsirkin wrote: > >> + assert(kvm_irqchip_in_kernel()); > > Hmm - irqchip in kernel actually increases the attack surface, > > does it not? Or at least, the severity of the attacks. > > Yeah, we should at least support split irqchip. But, irqchip completely > in userspace is slow when it is not broken, and it does not support > APICv. So it's not really feasible. > > Paolo
Right, I meant split. -- MST
