On Tue, 2016-04-19 at 19:20 +0300, Michael S. Tsirkin wrote:
>
> > I thought that PLATFORM served that purpose. Wouldn't the host
> > advertise PLATFORM support and, if the guest doesn't ack it, the host
> > device would skip translation? Or is that problematic for vfio?
>
> Exactly that's problematic for security.
> You can't allow guest driver to decide whether device skips security.

Right. Because fundamentally, this *isn't* a property of the endpoint
device, and doesn't live in virtio itself. It's a property of the
platform IOMMU, and lives there.

--
dwmw2