IOMMU groups – security impact

When looking at howtos for GPU passthrough, I’ve seen mentions about checking the IOMMU groups, without much explanation. IIUC, IOMMU is important for preventing DMA attacks.

Why are IOMMU groups so important with GPU passthrough? When I assign PCI devices within the same IOMMU group to multiple VMs (especially to dom0), does it mean that all those VMs can affect each other with DMA?

And if it is so important with GPU, is it also important with other PCIe devices? If not, what makes them so different from GPUs?

1 Like

This should answer some of your questions: