On Sun, May 04, 2008 at 11:11:46PM +0300, Shachar Shemesh wrote: > Dan Armak wrote: >> >> It does work without an IOMMU, it just doesn't protect you from a buggy >> driver causing DMA access to the wrong address. For other kinds of driver >> bugs, this might still be better than no virtualization. >> > Thing is, a real (as opposed to para-virtualized) kernel does not > know what physical addresses it runs on. It does not have to be > buggy in order to give the DMA controller the wrong addresses. > > You are right that I did not account for para-virtualized > domains. As far as I know, of the three, only Xen supports those.
KVM supports various PV domains too, although it takes a different approach than Xen. Instead of para-virtualizing everything like Xen did, it relies on Intel's VT or AMD's SVM for virtualizing the CPU, and then uses PV to optimize or enhance the domain's capabilities, e.g., installing PV drivers, a PV clock-source, or adding a para-virtualized DMA interface for solving the problem you mention above. There is another approach for direct access without an IOMMU which works for FV domains, the so-called "reserved mem" approach. With "reserved mem", a single domain is mapped in host physical memory such that guest physical addresses == host physical addresses, which lets that single domain access hardware devices directly. KVM--you guessed it--supports this too. On a side note, VMware has PV drivers too, so in that sense, it supports a limited form of PV as well. Cheers, Muli ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
