On Sun, Nov 22, 2015 at 10:21:34PM -0000, David Woodhouse wrote:
>
> > There's that, and there's an "I care about security, but
> > do not want to burn up cycles on fake protections that
> > do not work" case.
>
> It would seem to make most sense for this use case simply *not* to expose
> virtio devices to guests as being behind an IOMMU at all. Sure, there are
> esoteric use cases where the guest actually nests and runs further guests
> inside itself and wants to pass through the virtio devices from the real
> hardware host. But presumably those configurations will have multiple
> virtio devices assigned by the host anyway, and further tweaking the
> configuration to put them behind an IOMMU shouldn't be hard.

Unfortunately it's a no-go: this breaks the much less esoteric
use case of DPDK: using virtio devices with userspace drivers.

Well - not breaks as such as this doesn't currently work,
but this approach would prevent us from making it work.

>
> --
> dwmw2

_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization