
Re: [Xen-devel] feature suggestion: DMAR table emulation for Xen

On 05/14/2010 12:48 PM, Keir Fraser wrote:
> On 14/05/2010 11:15, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>>> Yeah, actually the integrated graphics can implement all sorts of dirty
>>> tricks between OS driver, video BIOS, and SMM. This can rely on fixed memory
>>> areas for communication -- both for host accesses and DMA, the latter
>>> requiring RMRR setup. Maybe the RMRRs are static per-chipset, but I wouldn't
>>> be too sure of it.
>> Hmmm... Shouldn't this affect only (and potentially) the text mode
>> display? I would expect that once Dom0 Linux takes over, it would be
>> using its own IGD driver that is VT-d aware and is not at the mercy of
>> the evil BIOS?
> Well, if you do not pass through the IGD to a domU then the issue is moot.
> Dom0 gets an all-inclusive mapping below 4GB, which should be a superset of
> anything the RMRRs would specify. It's when passing through to a domU that
> the RMRRs matter, especially if you pass through as the primary adaptor and
> hence re-execute the video BIOS in domU context.

Well, we don't do graphics passthrough in Qubes, mostly for two reasons:

1) We believe users prefer seamless integration of all apps onto one
desktop (and that requires only one domain, e.g. Dom0, to have access to
the graphics card),

2) Giving a potentially untrusted domain full access to the graphics
device creates a potential security risk. In fact, you cannot make such
an architecture secure without using TXT (yes, TXT in addition to VT-d).

Do you do IGD passthrough in Xen Client?



Xen-devel mailing list