Xen project Mailing List

RE: [Xen-devel] Can I expose a pci device to HVM domU?

To: "Mark Williamson" <mark.williamson@xxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>

From: "Caitlin Bestler" <Caitlin.Bestler@xxxxxxxxxxxx>

Date: Thu, 21 Feb 2008 12:45:07 -0500

Delivery-date: Fri, 22 Feb 2008 07:46:38 -0800

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: Ach0LfItWSwlDNDkQkCqT0qPAsRiXAAgekMg

Thread-topic: [Xen-devel] Can I expose a pci device to HVM domU?

> -----Original Message----- > From: M.A. Williamson [mailto:maw48@xxxxxxxxxxxxxxxx] On Behalf Of Mark > Williamson > Sent: Wednesday, February 20, 2008 6:03 PM > To: xen-devel@xxxxxxxxxxxxxxxxxxx > Cc: Caitlin Bestler; pradeep singh rautela > Subject: Re: [Xen-devel] Can I expose a pci device to HVM domU? > > > > Can i assign a PCI device(e.g a NIC) exclusively to a Linux HVM > > > domainU after hiding it from domain 0? > > > > > > I know that only PV guests are the best candidates for this but I > > > still want to ask, hoping someone might have done some work in > latest > > > xen-unstable. > > > > > > Is there any known way to do this? > > > > > > PS:- NIC Is does not have Intel's VT-d. > > > > If the Guest is HVM, how would it know how to give usable > > DMA addresses to the NIC? (Whether it should be trusted to > > in the absence of an Address Translation Service is the next > > question, but first is whether it could even do it at all). > > > > A PV Guest, by contrast, would know the distinction between > > GPAs and SPAs (not that it makes it any more trustworthy). > > Guys from Neocleus (I think) have been working on making PCI > passthrough to HVM guests happen, without using an IOMMU. > There is code out there that these guys have released. > It's a clever bit of lateral thinking that makes this > possible :-) > Ultimately *some* form of Address Translation Service is required. Stacking the deck so that a null translation works is still a form of Address Translation Service. Translating work requests in a backend driver is also an Address Translation Service. I see no problem of embracing multiple Address Translation solutions, as long as the caveats with each are clear and unambiguous. But I think it would be a mistake for a Hypervisor to take extra steps to facilitate solutions that do not provide the full equivalent of a PCI-SIG defined IOMMU. In this case, I would not recommend taking extra steps to enable direct access to a NIC from an HVM Guest. Trusting a guest to refrain from accessing memory it does not own is a major act of faith that is rarely justified, but an HVM Guest would not even understand what it has been entrusted with. That sounds very risky to me.

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.