On Tue, Apr 19, 2016 at 12:26:44PM -0400, David Woodhouse wrote: > On Tue, 2016-04-19 at 19:20 +0300, Michael S. Tsirkin wrote: > > > > > I thought that PLATFORM served that purpose. Woudn't the host > > > advertise PLATFORM support and, if the guest doesn't ack it, the host > > > device would skip translation? Or is that problematic for vfio? > > > > Exactly that's problematic for security. > > You can't allow guest driver to decide whether device skips security. > > Right. Because fundamentally, this *isn't* a property of the endpoint > device, and doesn't live in virtio itself. > > It's a property of the platform IOMMU, and lives there. It's a property of the hypervisor virtio implementation, and lives there. -- MST -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
