On 15.01.2010, at 14:11, Pasi Kärkkäinen wrote: > On Thu, Jan 14, 2010 at 12:31:32PM -0600, Ryan C. Underwood wrote: >> >> >> On Thu, Jan 14, 2010 at 05:54:51PM +0200, Avi Kivity wrote: >>> On 01/14/2010 05:47 PM, Michael S. Tsirkin wrote: >>>> >>>>> Michael, I think 'DisINTx-' means the device is not PCI 2.3 compliant? >>>> No it doesn't, just that interrupt disable bit is not set. >>> >>> Thanks. Ryan, while kvm doesn't support assigning a device with >>> shared interrupts now, in the future it will likely be possible to >>> share it. You'll still need an iommu. >> >> No IOMMU on this machine and this is all integrated hardware. >> >> This IOMMU requirement seems so strange. I used to pass through PCI >> devices ages ago when using the DOSEMU emulator. It emulated PCI BIOS >> functions and mapped the PCI config space and memory regions into the >> emulator process. The device interrupt was grabbed and handled in the >> emulator's kernel support, waking up the emulator when an interrupt came >> in. >> >> I don't really know anything about kvm internals, but I'd like to >> understand more about the particulars of the IOMMU requirement if you >> don't mind. >> > > Xen supports PCI passthrough to PV guests without IOMMU. This can create > security problems, since the guests get DMA access to physical hardware, > but that's usually OK in the situations where you want to use PCI > passthrough on your desktop or on your development box. That's why there way PV support for DMA in KVM too, but it turned out to be rather unmaintained and hard to detect if it actually works. Because if the guest then just didn't use the PV parts to remap its DMA regions, your PCI card ended up writing into random host memory regions. WIthout you knowing. Xen doesn't have that problem as badly as we do, because it can guarantee that a PV guest is PV aware. On KVM PV is an optional add-in. All guests start off being fully virtualized. So we voted for dropping PV DMA support in KVM and just went with the IOMMU only approach. In the long run that's a pretty straight-forward hardware requirement. And if you're using KVM you're used to hardware requirements already anyways ;-). Alex-- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
