On Fri, Feb 26, 2010 at 11:29:22PM +0100, Jan ?eš?ut wrote:
> As I read XEN supports assigning a pci device to an unprivileged domain
> without hardware supporting it. Has anyone already tried it? Are there any
> security risks? If I understand correctly how PCI passthrough works the
> performance should be the same as using the pci device in native mode. Is
> it so? I have a PCI video card which would like to use inside a VM running
> Windows XP.
>
Xen supports PCI passthrough to _PV_ (paravirtual) guests without VT-d,
and has actually supported that for years. There are some potential security
risks in this, since the PV guest gets full DMA control of the PCI device
and could use it for malicious purposes.
Xen PCI passthrough to HVM guests (=Windows) requires VT-d hardware support.
Also, PCI passthrough of a VGA/video card is not as simple as PCI passthrough
of other cards (nic, disk controller, usb controller).
VGA has lots of legacy stuff related to it, some memory ranges, IO ports, VGA
BIOS,
etc that have to be 'passed through' aswell, and emulated.
Xen 4.0.0 will have PCI passthrough support of primary VGA adapters, but it
requires
VT-d support as stated already earlier.
-- Pasi
ps. There is actually a hack/patch available that allows PCI passthrough to HVM
guest
without VT-d, but that only works for the _first_ started HVM guest, and it's
experimental
and not supported in any way. iirc the patch is available in xen-devel archives.
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
Home