kvm: x86: default legacy PCI device assignment support to "n"

VFIO has proved itself a much better option than KVM's built-in device assignment. It is mature, provides better isolation because it enforces ACS, and even the userspace code is being tested on a wider variety of hardware these days than the legacy support. Disable legacy device assignment by default. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-04 09:51:50 +02:00 · 2015-06-04 09:51:50 +02:00 · e194bbdf36
parent f71f81d70a
commit e194bbdf36
1 changed files with 4 additions and 3 deletions
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@ -88,13 +88,14 @@ config KVM_MMU_AUDIT
 config KVM_DEVICE_ASSIGNMENT
 	bool "KVM legacy PCI device assignment support"
 	depends on KVM && PCI && IOMMU_API
-	default y
+	default n
 	---help---
 	  Provide support for legacy PCI device assignment through KVM.  The
 	  kernel now also supports a full featured userspace device driver
-	  framework through VFIO, which supersedes much of this support.
+	  framework through VFIO, which supersedes this support and provides
+	  better security.

-	  If unsure, say Y.
+	  If unsure, say N.

 # OK, it's a little counter-intuitive to do this, but it puts it neatly under
 # the virtualization menu.