Fitment/Use of IOMMU in KVM world when using PCI-devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All.

I have been learning about a lot of inter-related things, kindly
correct me if I am wrong anywhere.
Till now, following have been broad observations :

a)
If we have IOMMU disabled on the host, things work fine in general on
a guest. But we cannot a attach a pci-device (physically attached to
host) to a guest.

b)
If we have IOMMU enabled on the host, we can attach a pci-device
(physically attached to a host) to a guest.




Going through the literature on the internet, it looks that we have
two modes supported by KVM / QEMU :

1.
Conventional shadow-mapping, which works in the most general case, for
GVA => GPA => HVA => HPA translations.

2.
EPT/NPT shadow-mapping, which works only if hardware-virtualization is
supported. As usual, the main purpose is to setup GVA => GPA => HVA =>
HPA translations.


In all the literature that mentioned the above modes, there were roles
of software-assisted MMU page-tables (at host-OS / guest-OS / kvm /
qemu).
The only mention of the IOMMU was with regard to pci-devices, to
maintain security and not letting guest-OSes create havoc on a
pci-device.





So, is the role of IOMMU to provide security/containership only?
In other words, if security was not a concern, would it still have
been possible to attach pci-devices on the guest-devices without
needing to enable the iommu?


Will be grateful to get pointers.


Thanks and Regards,
Ajay



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux