Xen project Mailing List

Re: [Xen-devel] [Hackathon minutes] PV network improvements

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Tue, 21 May 2013 09:22:35 +0100

Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

Delivery-date: Tue, 21 May 2013 08:22:53 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 2013-05-20 at 19:33 +0100, Wei Liu wrote: > On Mon, May 20, 2013 at 03:49:32PM +0100, George Dunlap wrote: > [...] > > > J) Map the whole physical memory of the machine in dom0 > > > If mapping/unmapping or copying slows us down, could we just keep the > > > whole physical memory of the machine mapped in dom0 (with corresponding > > > IOMMU entries)? > > > At that point the frontend could just pass mfn numbers to the backend, > > > and the backend would already have them mapped. > > > >From a security perspective it doesn't change anything when running > > > the backend in dom0, because dom0 is already capable of mapping random > > > pages of any guests. QEMU instances do that all the time. > > > But it would take away one of the benefits of deploying driver domains: > > > we wouldn't be able to run the backends at a lower privilege level. > > > However it might still be worth considering as an option? The backend is > > > still trusted and protected from the frontend, but the frontend wouldn't > > > be protected from the backend. > > > > What's missing from this was my side of the discussion: > > > > I was saying that if TLB flushes from grant-unmap is indeed the > > problem, then maybe we could have the *front-end* in charge of > > requesting a TLB flush for its pages. The strict TLB flushing is to > > protect a frontend from rogue back-ends from reading sensitive data; > > if the front-end were willing to just not use the pages for a short > > amount of time, and issue a flush say every second or so, that would > > reduce the TLB flushes greatly while maintaining the safety advantages > > of driver domains. > > > > I'm not sure I get what you mean here. Are you saying DomU flushes > Dom0's TLB entries? The gnt_unmap made by dom0 needs to flush the TLB of any physical processor which may have seen the mapping, which means approximately all dom0 vcpus. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.