On Tue, Apr 19, 2016 at 12:26:44PM -0400, David Woodhouse wrote:
> On Tue, 2016-04-19 at 19:20 +0300, Michael S. Tsirkin wrote:
> >
> > > I thought that PLATFORM served that purpose. Wouldn't the host
> > > advertise PLATFORM support and, if the guest doesn't ack it, the host
> > > device would skip translation? Or is that problematic for vfio?
> >
> > Exactly that's problematic for security.
> > You can't allow guest driver to decide whether device skips security.
>
> Right. Because fundamentally, this *isn't* a property of the endpoint
> device, and doesn't live in virtio itself.
>
> It's a property of the platform IOMMU, and lives there.

It's a property of the hypervisor virtio implementation, and lives there.

--
MST