Re: [Xen-users] Simple Query on PCI passthrough I/O
> Thanks a lot for all your responses - Chris, Mark and Joseph. They really
> help me.
> A few followup questions from your responses.
> > * ... unless you are using VT-d, in which case you can pass the PCI
> > device to
> > an HVM guest without that guest being able to stomp all over memory.
> > Patches
> > to support this for PV guests are in development but not done yet.
> I'm running a PV. Does this mean I wont be able to do pass through I/O?
Under PV you can pass through IO. It just means that the guest with the
passed-through card is as trusted as dom0. i.e. the guest with the PCI card
can potentially read and write all memory in the machine, take control of
anything, etc, if controlled by a sufficiently determined attacker.
Dom0 already has this much power. Giving a domU a PCI device does not give it
*permission* to do these things, so it's technically more limited than dom0.
However, it can (in principle) abuse the PCI device to break the system and
thereby get these powers. This is not a problem as long as you trust the
administrator in the domU and it does not get hacked. Otherwise, it could
try to escalate its privileges.
Patches to limit PV guests using VT-d hardware where available have been
reposted to the mailing list today, so that capability may be in the next Xen
release. Not helpful to people without that hardware, sadly.
> > * Don't try to xm pause, save or suspend the guest with the PCI card!
> > Bad things may well happen ;-)
You shouldn't pause a guest with a PCI card (or save or suspend it) because
you might interrupt it whilst it's doing something important with the
hardware. Potentially this can break your system. Migrating has the same
problem but also the guest would be confused to arrive on another machine
without the PCI device it was using, so it wouldn't be a good idea anyhow.
Occasionally people have accidentally suspended a domU (the Xendomains init
script does this on dom0 shutdown on some systems, for instance - it's worth
making sure this won't happen!) that had a PCI device attached. This caused
problems - most recently, I guy had dom0 lose access to the hard disk. The
reason was that the guest was leaving an interrupt line masked when it
shutdown - that interrupt line was shared with dom0's hard drive controller.
Best to just assume that any domain with hardware access needs to either be
running or shut down cleanly. xm destroy-ing one is possible but probably
not recommended unless necessary, because similar problems could occur. This
was never a problem on my own test machine but your mileage may vary on
> > * You need to be running a dom0 kernel in the guest with the PCI card.
> Whoa! I did not know this either. Again what are the reasons? Kindly let me
Regarding the kernel version. You don't necessarily need to be running the
same kernel as dom0. But you do need to be running a dom0-capable kernel
because domU-only kernels lack hardware support.
Finally, I'll note that you can't run a really old kernel in a domU with PCI
passthrough because the dom0 (aka privileged) interfaces were stabilised
later on than the domU interfaces, so if your kernel is too old it may not
Sorry if that all sounds horribly dire. Plenty of people have been using PCI
passthrough on all sorts of systems for years now, quite happily. It's not
like it's a highly dangerous activity. But it's one of the more technical
aspects of Xen to set up and it's worth you knowing the various issues
associated with deploying it.
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)
Xen-users mailing list