On Mon, Jul 22, 2024, privacymiscoccasion@xxxxxxx wrote: > Hi everyone, > > I'm coming over from reading about Qubes OS, which uses the Xen hypervisor. > In Qubes, the way that untrusted devices like USBs are handled is that they > are pass through to a VM, which then (I presume) allows other guests to > access them using virtual drivers. > > I'm looking for a theoretical explanation on how this would be possible with > KVM. I am not a developer and thus am having difficulty understanding how > one would let a guest access virtual drivers connecting to hardware devices > like USB and PCIe from another guest. > > Any help/practical examples of this would be greatly appreciated. This seems > to be a hard topic to find and so far I haven't come across anything like > this. In Linux, this would be done via VFIO[1]. VFIO allows assigning devices to host userspace, and thus to KVM guests. Very rougly speaking, most assets that get exposed to KVM guests are proxied through host userspace. I haven't actually read the DPDK docs[2], but if you get stuck with VFIO in particular, my guess is that they're a good starting point (beyond any VFIO+KVM tutorials). [1] https://docs.kernel.org/driver-api/vfio.html [2] https://doc.dpdk.org/guides/linux_gsg/linux_drivers.html
