On Thu, 13 Apr 2017 19:58:05 -0400
"taii...@gmx.com" <taii...@gmx.com> wrote:

> Do VM's receive IOMMU protection or is that only for the VMM? to prevent 
> unauthorized peer>peer DMA and of course device>host DMA.

The VM itself is isolated with the IOMMU by default, devices within the
VM can only DMA to guest memory.  We do configure translations to allow
peer-to-peer for devices assigned to the same VM, but whether this
actually works depends on the hardware support.  There is emulated VT-d
support for vfio under development which will probably enter QEMU after
the 2.9 release.  This will isolate individual devices within the VM,
but there's a pretty significant performance cost in the DMA mapping
and unmapping path for dynamic DMA mapping within the VM.

_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://www.redhat.com/mailman/listinfo/vfio-users

Reply via email to