On Thu, Mar 19, 2020 at 02:54:11PM +0100, David Hildenbrand wrote: > Why does the balloon driver not support VIRTIO_F_IOMMU_PLATFORM? It is > absolutely not clear to me. The introducing commit mentioned that it > "bypasses DMA". I fail to see that.
Well sure one can put the balloon behind an IOMMU. If will shuffle PFN lists through a shared page. Problem is, you can't run an untrusted driver with it since if you do it can corrupt guest memory. And VIRTIO_F_IOMMU_PLATFORM so far meant that you can run a userspace driver. Maybe we need a separate feature bit for this kind of thing where you assume the driver is trusted? Such a bit - unlike VIRTIO_F_IOMMU_PLATFORM - would allow legacy guests ... -- MST
