3

I have several assumptions in mind; please correct me if I'm wrong:

  1. Without a real IOMMU a DMA-Transfer would be a security risk, because a guest could transfer garbage in Host Memory.
  2. A valid DMA-Transfer between guest memory and passthrough device without a real IOMMU is not possible.
  3. The Host-OS is not aware of any DMA-related things related to the passthrough device.

And now some questions:

  • Related to point 3: Is there a way to get any information about a DMA-Transfer with a passthrough device?
  • If I don't have DMA-Remapping on, would KVM complain about it?
  • Is there a possibility to deny any DMA-related stuff for the guest with the passthrough device?
4

1 Answer

3

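Ran across this old question while doing some research and thought I'd post an answer for anyone interested.

Regarding point 1. Without an IOMMU, you can't do passthrough at all. I/O devices live in kernel space. The guest kernel is a user process that only thinks it is running in kernel space.

As for the questions:

With emulated devices, the emulator code intercepts all DMA setup and makes sure it is valid. With PCI passthrough, register reads and writes go directly to the device, or to a VF on the device for SR-IOV, so there is no opportunity for KVM or any other code outside the guest to validate, give an error, or complain.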

answered 2013-03-29T22:53:26.027
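
A host-side check related to the answer above, as an added example that is not part of the original post: since nothing outside the guest can validate DMA once a device is passed through, the point to verify is on the host beforehand, namely that the kernel has an active IOMMU and which IOMMU group the device sits in. It assumes the standard Linux sysfs layout (`/sys/kernel/iommu_groups`, `/sys/bus/pci/devices/<BDF>/iommu_group`); the function names and the `SYSFS_ROOT` override are hypothetical helpers for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): IOMMU sanity check before PCI passthrough.
# SYSFS_ROOT is an assumption of this example so the logic can run against a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Succeeds if the kernel has registered at least one IOMMU group (DMA remapping is active).
iommu_active() {
    local groups="$SYSFS_ROOT/kernel/iommu_groups"
    [ -d "$groups" ] && [ -n "$(ls -A "$groups" 2>/dev/null)" ]
}

# Prints the IOMMU group number of a PCI device given as a BDF (e.g. 0000:01:00.0).
iommu_group_of() {
    local link="$SYSFS_ROOT/bus/pci/devices/$1/iommu_group"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Prints every other device in the same IOMMU group, one BDF per line.
iommu_group_peers() {
    local bdf="$1" grp d
    grp="$(iommu_group_of "$bdf")" || return 1
    for d in "$SYSFS_ROOT/kernel/iommu_groups/$grp/devices"/*; do
        [ -e "$d" ] || continue
        [ "$(basename "$d")" = "$bdf" ] || basename "$d"
    done
}

# Prints one verdict for the device:
#   no-iommu      no IOMMU groups on this host, so DMA cannot be confined
#   no-group      the device is not behind the IOMMU
#   shared-group  other devices share the group; VFIO treats the group as the unit of isolation
#   isolated      the device is alone in its group
passthrough_verdict() {
    local bdf="$1" peers
    if ! iommu_active; then echo "no-iommu"; return 0; fi
    if ! iommu_group_of "$bdf" >/dev/null; then echo "no-group"; return 0; fi
    peers="$(iommu_group_peers "$bdf")"
    if [ -n "$peers" ]; then echo "shared-group"; else echo "isolated"; fi
}

# Stand-alone use: ./check.sh 0000:01:00.0
if [ "$#" -gt 0 ]; then passthrough_verdict "$1"; fi
```

A `shared-group` result means the peers listed by `iommu_group_peers` are not isolated from the device by the IOMMU, so they need to be accounted for before the device is handed to a guest.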