• Alex Williamson's avatar
    KVM: IOMMU: Disable device assignment without interrupt remapping · 3f68b031
    Alex Williamson authored
    IOMMU interrupt remapping support provides a further layer of
    isolation for device assignment by preventing arbitrary interrupt
    block DMA writes by a malicious guest from reaching the host.  By
    default, we should require that the platform provides interrupt
    remapping support, with an opt-in mechanism for existing behavior.
    
    Both AMD IOMMU and Intel VT-d2 hardware support interrupt
    remapping, however we currently only have software support on
    the Intel side.  Users wishing to re-enable device assignment
    when interrupt remapping is not supported on the platform can
    use the "allow_unsafe_assigned_interrupts=1" module option.
    
    [avi: break long lines]
    Signed-off-by: default avatarAlex Williamson <alex.williamson@redhat.com>
    Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
    Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
    3f68b031
iommu.c 7.81 KB