On Wed, 2013-09-04 at 19:58 +0100, David Woodhouse wrote: > On Wed, 2013-09-04 at 17:04 +0000, Matthew Garrett wrote: > > How does virt passthrough work in this case? The current situation > > appears to be that qemu just passes the BARs through to the guest, and > > it's the guest that sets things up. We'd need to be able to ensure that > > there's no way the guest driver can cause DMA into the host kernel. > > We set up the IOMMU page tables so that the virtual bus addresses seen > by the PCI device are 1:1 mapped to the guest "physical" address space. > > That is, what the PCI device sees as a "physical" address is equivalent > to what the guest sees as a "physical" address space. It can access > memory which belongs to that guest, and nothing else. So that should be > fine. But presumably the guest's view of RAM is what gets written to the BARs? I guess if we know it's constrained then there's no need to restrict the addresses that can be set - we know that they'll be unable to overlap the host RAM. -- Matthew Garrett <matthew.garrett@xxxxxxxxxx> ��.n��������+%������w��{.n�����{����*jg��������ݢj����G�������j:+v���w�m������w�������h�����٥