| commit | d70a8e471718c5680615381738bb4d086b513675 | |
| author | Alex Williamson <alex.williamson@redhat.com> | |
| Thu, 14 Jul 2011 19:27:03 +0000 (14 13:27 -0600) | ||
| committer | Marcelo Tosatti <mtosatti@redhat.com> | |
| Tue, 19 Jul 2011 14:42:46 +0000 (19 11:42 -0300) | ||
| tree | 6a47d689fef85b41f58790dda6e6ff00275c2bd5 | treesnapshot (tar.gz zip) |
| parent | 6942190c5db3934744760cbbe71d9170d4049ce7 | commitdiff |
kvm: Disable device assignment without interrupt remapping
IOMMU interrupt remapping support provides a further layer of
isolation for device assignment by preventing arbitrary interrupt
block DMA writes by a malicious guest from reaching the host. By
default, we should require that the platform provides interrupt
remapping support, with an opt-in mechanism for existing behavior.
Both AMD IOMMU and Intel VT-d2 hardware support interrupt
remapping, however we currently only have software support on
the Intel side. Users wishing to re-enable device assignment
when interrupt remapping is not supported on the platform can
use the "allow_unsafe_assigned_interrupts=1" module option.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
IOMMU interrupt remapping support provides a further layer of
isolation for device assignment by preventing arbitrary interrupt
block DMA writes by a malicious guest from reaching the host. By
default, we should require that the platform provides interrupt
remapping support, with an opt-in mechanism for existing behavior.
Both AMD IOMMU and Intel VT-d2 hardware support interrupt
remapping, however we currently only have software support on
the Intel side. Users wishing to re-enable device assignment
when interrupt remapping is not supported on the platform can
use the "allow_unsafe_assigned_interrupts=1" module option.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
| virt/kvm/iommu.c | diffblobblamehistory |