I have several assumptions in mind; please correct me if I'm wrong:

  1. Without a real IOMMU a DMA-Transfer would be a security risk, because a guest could transfer garbage in Host Memory.
  2. A valid DMA-Transfer between guest memory and passthrough device without a real IOMMU is not possible.
  3. The Host-OS is not aware of any DMA-related things related to the passthrough device.

And now some questions:

  • related to Point 3: Is there a way to get any information about a DMA-Transfer with a passthrough device?
  • If I don't have DMA-Remapping on, would KVM complain about it?
  • Is there a possibility to deny any DMA-related stuff for the guest with the passthrough device?
stark
Max Mustermann

1 Answer

Ran across this old question while doing some research and figured I'd post an answer for anyone interested.

About point 1. Without an IOMMU you can't do passthrough at all. I/O devices are in the kernel space. The guest kernel is a user process that only thinks it is running in kernel space.

As to the questions:

With an emulated device the emulator code intercepts all of the DMA setup and can make sure they are valid. With PCI passthrough, the register reads and writes are going directly to the device, or to a VF on the device for SR-IOV, so there is no opportunity for KVM or any other code outside the guest to validate, give errors or complain.

stark
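
A host-side check related to the answer above, as an added example that is not part of the original question or answer: it reads Linux sysfs to confirm that DMA remapping is active and lists the devices sharing the IOMMU group of the device to be passed through. The function names and the optional sysfs-root argument are assumptions made for this example; it goes slightly beyond the answer by reporting IOMMU groups, the granularity at which the kernel isolates DMA.

```shell
#!/bin/sh
# Added example. Usage: sh check.sh 0000:01:00.0
# The optional second argument (sysfs root, default /sys) is an assumption of
# this example so the check can be tried against a constructed directory tree.

# iommu_active [SYSFS]: succeeds if the kernel registered at least one IOMMU group.
iommu_active() {
    for g in "${1:-/sys}"/kernel/iommu_groups/*; do
        [ -d "$g" ] && return 0
    done
    return 1
}

# iommu_group_of PCI_ADDR [SYSFS]: prints the IOMMU group number of a device.
iommu_group_of() {
    link="${2:-/sys}/bus/pci/devices/$1/iommu_group"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# group_members GROUP [SYSFS]: prints every device address in the group.
group_members() {
    for d in "${2:-/sys}"/kernel/iommu_groups/"$1"/devices/*; do
        [ -e "$d" ] || [ -L "$d" ] || continue
        basename "$d"
    done
}

# passthrough_check PCI_ADDR [SYSFS]
# Returns 0: device alone in its group, 1: no IOMMU groups at all,
#         2: device has no group,       3: group shared with other devices.
passthrough_check() {
    dev=$1
    root=${2:-/sys}
    iommu_active "$root" || { echo "no IOMMU groups: DMA remapping is not active"; return 1; }
    grp=$(iommu_group_of "$dev" "$root") || { echo "$dev: not in any IOMMU group"; return 2; }
    # PCI addresses contain no whitespace, so word splitting is safe here.
    set -- $(group_members "$grp" "$root")
    echo "$dev is in IOMMU group $grp with:"
    printf '  %s\n' "$@"
    [ $# -eq 1 ] && return 0
    echo "group is shared: its members are not isolated from each other"
    return 3
}

if [ $# -gt 0 ]; then passthrough_check "$@"; fi
```
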