Specifically, devices that do not support PCI-e FLR and were not
gracefully shutdown by the guest OS could continue to issue DMA
requests after the VM was terminated. The changes in r305485 meant
that those DMA requests were completed against the host's memory which
could result in random memory corruption. Instead, leave ppt devices
that are not attached to a VM disabled in the IOMMU and only restore
the devices to the host domain if the ppt(4) driver is detached from a
As an added safety belt, disable busmastering for a pass-through device
when before adding it to the host domain during ppt(4) detach.
Tested by: Harry Schmalzbauer <firstname.lastname@example.org>
Perhaps the busmaster disable should be done when detaching a ppt
device from a VM in case the reset fails to disable busmastering?