
Re: [Xen-devel] Discussion about virtual iommu support for Xen guest



> From: Stefano Stabellini [mailto:sstabellini@xxxxxxxxxx]
> Sent: Tuesday, June 07, 2016 6:07 PM
> 
> On Tue, 7 Jun 2016, Tian, Kevin wrote:
> > > I think of QEMU as a provider of complex, high level emulators, such as
> > > the e1000, Cirrus VGA, SCSI controllers, etc., which don't necessarily
> > > need to be fast.
> >
> > Earlier you said Qemu imposes security issues. Here you said Qemu can
> > still provide complex emulators. Does it mean that the security issue in
> > Qemu simply comes from the part which should be moved into Xen? Any
> > elaboration here?
> 
> It imposes security issues because, although it doesn't have to run as
> root anymore, QEMU still has to run with fully privileged libxc and
> xenstore handles. In other words, a malicious guest breaking into QEMU
> would have relatively easy access to the whole host. There is a design
> to solve this, see Ian Jackson's talk at FOSDEM this year:
> 
> https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/
> https://fosdem.org/2016/schedule/event/virt_iaas_qemu_for_xen_secure_by_default/attachments/other/921/export/events/attachments/virt_iaas_qemu_for_xen_secure_by_default/other/921/talk.txt
> 
> Other solutions to solve this issue are stubdoms or simply using PV
> guests and HVMlite guests only.
> 
> Irrespective of the problematic security angle, which is unsolved, I
> think of QEMU as a provider of complex emulators, as I wrote above.
> 
> Does it make sense?

It makes sense... I thought you used this security issue against placing
vIOMMU in Qemu, which made me a bit confused earlier. :-)

We are still thinking about the feasibility of some staging plan, e.g. first
implementing some vIOMMU features w/o dependency on root-complex in Xen
(HVM only) and then later enabling full vIOMMU feature w/ root-complex in Xen
(covering HVMLite). If we can reuse most code between the two stages while
shortening time-to-market by half (e.g. from 2yr to 1yr), it's still worth
pursuing. Will report back soon once the idea is consolidated...

Thanks
Kevin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
