WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests

from [Espen Skoglund] [Permanent Link][Original]
To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests
From: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>
Date: Tue, 20 May 2008 11:43:08 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>
Delivery-date: Tue, 20 May 2008 03:44:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <C4583ED4.18C1B%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <18481.58026.284129.700801@xxxxxxxxxxxxxxxxxx> <C4583ED4.18C1B%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
[Keir Fraser]
> On 19/5/08 21:27, "Espen Skoglund" <espen.skoglund@xxxxxxxxxxxxx> wrote:
>> I've added some preliminary support for VT-d for paravirtualized
>> guests.  This must be enabled using an 'iommu_pv' boot parameter
>> (disabled by default).
>> 
>> I've added some python bindigs to allow xend to assign PCI devices to
>> IOMMU for PV guests.  For HVM guests this is handled in ioemu.  Not
>> sure if it makes sense to handle both cases in one place.
>> 
>> The changes currently hook into get_page_type() in xen/arch/x86/mm.c
>> to map/unmap IOMMU pages when the page types change.  This might
>> not be the apropriate place to hook these calls.

> What functionality does this patchset enable, Espen? Is this a
> security enhancement (isolation/containment) for PV guests with
> direct hardware access? For example: can access all its own memory
> except that which has pagetable/GDT type, and only foreign memory
> which is granted to it?

> Is there a good reason to hide this behind a boot option?

The patchset does, as you guessed, enable isolation for PV guests with
direct hardware access.  If you assign a PCI device to a guest you are
guaranteed that the assigned device can't access the memory of other
guests or Xen itself.  The patchseet allows the device to access all
its own memory which it has write access to, and memory which is
granted to it.

The only reason for making it a boot option was to allow for the old
behaviour (i.e., complete access) to be the default behaviour until
people get more confident with the patches.

        eSk



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  No test, No class, buy yourself Bacheelor/MasteerMBA/Doctoraate dip1omas, VALID in all countries orfwv 4hi, Tamiko Ruthie
Next by Date:  Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests, Keir Fraser
Previous by Thread:  Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests, Keir Fraser
Next by Thread:  Re: [Xen-devel] [PATCH 0/5] VT-d support for PV guests, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy