Sorry, I was thinking of kernel modules and said packages (virtio-X are
kernel modules) . Thanks,
Steve Novakov
B.A.Sc Engineering Physics
PhD Student - Physics
University of Michigan - Ann Arbor
On 6/11/2016 10:54 PM, Steve Novakov wrote:
Hello Yang,
To add to this, a list of mandatory packages would be helpful as well
(like if I need some additional virtio- packages). Thank you,
Steve Novakov
B.A.Sc Engineering Physics
PhD Student - Physics
University of Michigan - Ann Arbor
On 6/11/2016 9:55 PM, Steve Novakov wrote:
Hello Yang,
allow_unsafe_interupts actually means the interrupt remapping on
Intel IOMMU which is a security feature. Without it, a malicious VM
can attack the host, see below document for more details:
http://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
Should I take that to mean that "allow_unsafe_interrupts" is actually
a security feature??? Is this the discussed "interrupt remapping" in
the whitepaper? I am interpreting that paper as saying that this
interrupt remapping does *not* use the supplied DMAR table. Is that
correct?
Also, you can try to upgrade your BIOS to fix it.
I'll take a look but I think I have the latest (which means, from
~2011 probably) BIOS version.
Could I also ask you outright what entire set of boot options you
would pass when booting into a kvm system with IOMMU enabled? I would
love some "default" set of boot options to compare to, as opposed to
random ones from assorted forums.
Thank you for the prompt reply!
Steve Novakov
B.A.Sc Engineering Physics
PhD Student - Physics
University of Michigan - Ann Arbor
On 6/11/2016 9:46 PM, Yang Zhang wrote:
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html