projectacrn / acrn-hypervisor

Project ACRN hypervisor
BSD 3-Clause "New" or "Revised" License

Service VM shall not have capability to access IOMMU #6677

Closed yonghuah closed 2 years ago

yonghuah commented 3 years ago

The IOMMU is actually owned by the hypervisor, while its MMIO is not blocked for the Service VM.

Requirements:

  1. The Service VM needs to access the native ACPI table fully, hence DMAR can't be hidden in the ACPI table of the Service VM.
  2. Need to block the Service VM from accessing the DMAR hardware even though it can be detected in the ACPI table.
  3. There is no such restriction on pre-launched and post-launched VMs.

yonghuah commented 3 years ago

[External_System_ID] ACRN-7331

NanlinXie commented 2 years ago

Closed since patch merged without regression.
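
The requirements in the issue leave the DMAR table visible to the Service VM while denying it the remapping hardware's MMIO. As an added example (not ACRN's code and not the merged patch), here is one way a hypervisor could derive the register ranges to withhold by walking the DRHD entries of a DMAR table. The function names and the sample table are hypothetical, and treating each register set as a single 4 KiB page is a simplifying assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMAR_HDR 48u    /* 36-byte ACPI header, host address width, flags, 10 reserved */
#define REG_PAGE 4096u  /* assumption: each unit's register set is one 4 KiB page */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Collect DRHD register base addresses; returns the count, or -1 if malformed. */
int dmar_drhd_bases(const uint8_t *tbl, size_t len, uint64_t *out, int max)
{
    uint32_t tlen = len >= DMAR_HDR ? rd32(tbl + 4) : 0;
    if (tlen < DMAR_HDR || tlen > len || memcmp(tbl, "DMAR", 4) != 0) return -1;
    int n = 0;
    for (size_t off = DMAR_HDR; off < tlen; ) {
        if (tlen - off < 4) return -1;               /* truncated structure header */
        uint16_t type = rd16(tbl + off), slen = rd16(tbl + off + 2);
        if (slen < 4 || slen > tlen - off) return -1;
        if (type == 0 && (slen < 16 || n >= max)) return -1;
        if (type == 0) out[n++] = rd64(tbl + off + 8);   /* DRHD: base at byte 8 */
        off += slen;
    }
    return n;
}

/* 1 if the access [gpa, gpa + size) overlaps any DRHD register page, else 0. */
int touches_dmar(uint64_t gpa, uint64_t size, const uint64_t *bases, int n)
{
    for (int i = 0; i < n; i++)
        if (gpa < bases[i] + REG_PAGE && bases[i] < gpa + size) return 1;
    return 0;
}

void sample_dmar(uint8_t *b)   /* constructed 104-byte sample: DRHD, RMRR, DRHD */
{
    memset(b, 0, 104); memcpy(b, "DMAR", 4); b[4] = 104;   /* signature, length */
    b[50] = 16; b[58] = 0xd9; b[59] = 0xfe;                /* DRHD at 0xfed90000 */
    b[64] = 1;  b[66] = 24;                                /* RMRR, not a register range */
    b[90] = 16; b[97] = 0x10; b[98] = 0xd9; b[99] = 0xfe;  /* DRHD at 0xfed91000 */
}

int main(void)
{
    uint8_t t[104]; uint64_t bases[4];
    int n = (sample_dmar(t), dmar_drhd_bases(t, sizeof t, bases, 4));
    for (int i = 0; i < n; i++) printf("block 0x%llx\n", (unsigned long long)bases[i]);
    return n != 2;
}
```

A malformed table returns -1 rather than a partial list, so the caller can fail closed instead of leaving a register page mapped.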