From: Steve Novakov
Subject: Re: X58 Virtualization w/ Linux
Date: Sat, 11 Jun 2016 22:57:03 -0400
To: Yang Zhang, kvm@vger.kernel.org
References: <03f27bbf-f8ad-b377-c194-adaefe808077@stevenovakov.com> <16de4d42-d7ef-a996-842e-34e4c85dfcb7@stevenovakov.com>
In-Reply-To: <16de4d42-d7ef-a996-842e-34e4c85dfcb7@stevenovakov.com>

Sorry, I was thinking of kernel modules and said packages (virtio-X are kernel modules).

Thanks,

Steve Novakov
B.A.Sc Engineering Physics
PhD Student - Physics
University of Michigan - Ann Arbor

On 6/11/2016 10:54 PM, Steve Novakov wrote:
> Hello Yang,
>
> To add to this, a list of mandatory packages would be helpful as well
> (like if I need some additional virtio- packages). Thank you,
>
> Steve Novakov
> B.A.Sc Engineering Physics
> PhD Student - Physics
> University of Michigan - Ann Arbor
>
> On 6/11/2016 9:55 PM, Steve Novakov wrote:
>> Hello Yang,
>>
>>> allow_unsafe_interupts actually means the interrupt remapping on
>>> Intel IOMMU which is a security feature. Without it, a malicious VM
>>> can attack the host, see below document for more details:
>>> http://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
>>>
>>
>> Should I take that to mean that "allow_unsafe_interrupts" is actually
>> a security feature??? Is this the discussed "interrupt remapping" in
>> the whitepaper? I am interpreting that paper as saying that this
>> interrupt remapping does *not* use the supplied DMAR table. Is that
>> correct?
>>
>>> Also, you can try to upgrade your BIOS to fix it.
>>
>> I'll take a look but I think I have the latest (which means, from
>> ~2011 probably) BIOS version.
>>
>> Could I also ask you outright what entire set of boot options you
>> would pass when booting into a kvm system with IOMMU enabled? I would
>> love some "default" set of boot options to compare to, as opposed to
>> random ones from assorted forums.
>>
>> Thank you for the prompt reply!
>>
>> Steve Novakov
>> B.A.Sc Engineering Physics
>> PhD Student - Physics
>> University of Michigan - Ann Arbor
>> On 6/11/2016 9:46 PM, Yang Zhang wrote:
>>
>
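The relationship between interrupt remapping and the allow_unsafe_interrupts override discussed in this thread can be checked on a host. The following is an added example, not code from the thread or from the kernel project. It assumes the override is the `vfio_iommu_type1` module parameter read from sysfs and that the kernel log carries the `Enabled IRQ remapping` line; the function names and the two sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not captured from a real host).
SAMPLE_REMAP_ON='[    0.012345] DMAR-IR: Enabled IRQ remapping in x2apic mode'
SAMPLE_REMAP_OFF='[   42.000000] vfio_iommu_type1_attach_group: No interrupt remapping support.  Use the module param "allow_unsafe_interrupts" to enable VFIO IOMMU support on this platform'

# irq_remap_posture LOG PARAM
#   LOG   = kernel log text
#   PARAM = value of allow_unsafe_interrupts (Y/N as sysfs reports it, or empty)
# Prints one of:
#   protected          remapping active, override off
#   override-unneeded  remapping active, override still set (clear it)
#   exposed            no remapping, override set: devices are assigned
#                      without interrupt isolation
#   blocked            no remapping, override off: assignment is refused
irq_remap_posture() {
    log=$1
    param=$2
    remap=no
    if printf '%s\n' "$log" | grep -q 'Enabled IRQ remapping'; then
        remap=yes
    fi
    case $param in
        Y|y|1) unsafe=yes ;;
        *)     unsafe=no ;;
    esac
    if [ "$remap" = yes ] && [ "$unsafe" = no ]; then
        echo protected
    elif [ "$remap" = yes ]; then
        echo override-unneeded
    elif [ "$unsafe" = yes ]; then
        echo exposed
    else
        echo blocked
    fi
}

# live_posture: same classification from the running host (hypothetical
# helper; reading dmesg may require root on some systems).
live_posture() {
    p=/sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts
    val=
    if [ -r "$p" ]; then
        val=$(cat "$p")
    fi
    irq_remap_posture "$(dmesg 2>/dev/null)" "$val"
}
```

A result of `exposed` is the configuration Yang's reply warns about: the override is set on a platform where the IOMMU is not remapping interrupts.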