xen-devel
RE: [Xen-devel] [PATCH 0/5] VT-d support for PV guests
>-----Original Message-----
>From: Yang, Xiaowei
>Sent: Tuesday, May 20, 2008 3:54 PM
>To: Yang, Xiaowei
>Subject: FW: [Xen-devel] [PATCH 0/5] VT-d support for PV guests
>
>
>
>Thanks,
>Xiaowei
>________________________________________
>From: Yang Xiaowei [mailto:xiaowei.yang@xxxxxxxxx]
>Sent: Tuesday, May 20, 2008 3:53 PM
>To: Yang, Xiaowei
>Subject: Fwd: [Xen-devel] [PATCH 0/5] VT-d support for PV guests
>
>
>---------- Forwarded message ----------
>From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
>Date: Tue, May 20, 2008 at 3:39 PM
>Subject: Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests
>To: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>,
>xen-devel@xxxxxxxxxxxxxxxxxxx
>
>On 19/5/08 21:27, "Espen Skoglund" <espen.skoglund@xxxxxxxxxxxxx> wrote:
>
>> I've added some preliminary support for VT-d for paravirtualized
>> guests. This must be enabled using an 'iommu_pv' boot parameter
>> (disabled by default).
>>
>> I've added some python bindings to allow xend to assign PCI devices to
>> IOMMU for PV guests. For HVM guests this is handled in ioemu. Not
>> sure if it makes sense to handle both cases in one place.
>>
>> The changes currently hook into get_page_type() in xen/arch/x86/mm.c
>> to map/unmap IOMMU pages when the page types change. This might
>> not be the appropriate place to hook these calls.
>What functionality does this patchset enable, Espen? Is this a security
>enhancement (isolation/containment) for PV guests with direct hardware
>access? For example: can access all its own memory except that which has
>pagetable/GDT type, and only foreign memory which is granted to it?
>
Yes to me. VT-d support for PV guests can prevent one domain from accessing other
domains' pages without permission.
Thanks,
Xiaowei
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel