On Fri, Nov 18, 2011 at 09:32:36AM -0700, Alex Williamson wrote:
> I guess I fail to see the difference. We group devices behind certain
> bridges together because we can't distinguish DMA from those devices.
> MSI presents an address window across all devices for which we
> potentially can't distinguish between any of them.

With an IOMMU the address window is per-device and not shared between
all devices. An MSI message is nothing more than a DMA write transaction
to a specific address. This message has a requestor-id so an IOMMU can
distinguish between devices. The AMD IOMMU for example uses that to
implement per-device remapping tables.

> The trouble is that interrupt remapping closing a hole in DMA isolation
> is a platform issue. Is vfio supposed to know that on architecture foo
> we don't have such a hole and we don't need to look for interrupt
> remapping? Or maybe that platform bar solved it differently and we need
> to instead check flag MSI_OK. Current KVM doesn't care about this
> because it only does device assignment on x86.

From a device standpoint an MSI transaction is always a DMA memory write
to a given address range. The IOMMU-API should export a feature flag
whether it supports filtering on those transactions or not. We have that
today with the IOMMU_CAP_INTR_REMAP. I agree that the interface to get
this information is ugly because a domain is needed. But the interface
can be fixed. While doing this I suggest renaming that feature
IOMMU_CAP_INTR_ISOLATION or something like that.

VFIO can then check for this flag on module-load and refuse to load if
it is not available.

Regards,

Joerg
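
An added illustration, not code from this thread or from the kernel: a simplified user-space C model of the point that an MSI is a DMA write carrying a requestor-id, showing what per-device remapping tables filter and what passes when no such filtering exists. The struct and function names, table size, requestor-ids and vectors are constructed for the example; only the x86 MSI address window 0xFEE00000-0xFEEFFFFF is taken from real hardware.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSI_WINDOW_BASE 0xFEE00000u   /* x86 MSI address window */
#define MSI_WINDOW_END  0xFEEFFFFFu
#define IRT_ENTRIES 4                 /* constructed table size */

/* One DMA write as the IOMMU sees it: the requestor-id travels with it. */
struct dma_write { uint16_t rid; uint32_t addr; uint32_t data; };
/* One remapping-table entry as programmed by the host (model only). */
struct irte { bool valid; uint8_t vector; };
/* A per-device remapping table, selected by requestor-id. */
struct dev_irt { uint16_t rid; struct irte e[IRT_ENTRIES]; };

/* Constructed sample: 0x0100 is the assigned device, 0x0200 a host device. */
static const struct dev_irt sample_tabs[] = {
    { 0x0100, { { true, 0x41 } } },
    { 0x0200, { { true, 0x30 } } },
};

static bool is_msi(const struct dma_write *w) {
    return w->addr >= MSI_WINDOW_BASE && w->addr <= MSI_WINDOW_END;
}

/* No interrupt filtering: device-written data selects the vector and the
 * requestor-id is ignored. Returns the delivered vector, or -1 if not an MSI. */
int deliver_unfiltered(const struct dma_write *w) {
    return is_msi(w) ? (int)(w->data & 0xFF) : -1;
}

/* With remapping: data is only an index into the requestor's own table.
 * Returns the host-programmed vector, or -1 if the write is blocked. */
int deliver_remapped(const struct dev_irt *t, size_t n, const struct dma_write *w) {
    if (!is_msi(w)) return -1;
    for (size_t i = 0; i < n; i++) {
        if (t[i].rid != w->rid) continue;
        if (w->data < IRT_ENTRIES && t[i].e[w->data].valid)
            return t[i].e[w->data].vector;
        return -1;                    /* no valid entry for this device */
    }
    return -1;                        /* unknown requestor-id */
}

int main(void) {
    /* Assigned device writes the host device's vector number as MSI data. */
    struct dma_write w = { 0x0100, MSI_WINDOW_BASE, 0x30 };
    printf("unfiltered: %d\n", deliver_unfiltered(&w));
    printf("remapped:   %d\n", deliver_remapped(sample_tabs, 2, &w));
    return 0;
}
```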