On Thu, 13 Apr 2017 19:58:05 -0400 "taii...@gmx.com" <taii...@gmx.com> wrote:
> Do VMs receive IOMMU protection or is that only for the VMM? to prevent
> unauthorized peer>peer DMA and of course device>host DMA.

The VM itself is isolated with the IOMMU by default; devices within the VM can only DMA to guest memory. We do configure translations to allow peer-to-peer for devices assigned to the same VM, but whether this actually works depends on the hardware support.

There is emulated VT-d support for vfio under development which will probably enter QEMU after the 2.9 release. This will isolate individual devices within the VM, but there's a pretty significant performance cost in the DMA mapping and unmapping path for dynamic DMA mapping within the VM.

_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://www.redhat.com/mailman/listinfo/vfio-users