[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] iommu=dom0-passthrough behavior

>>> On 14.11.12 at 01:37, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote:
>> >> c) we could provide a command line option to allow fake devices to
>> >>     be create
>> >
>> > Agree, this maybe a feasible solution I can figure out, so far.
>> >
>> >> d) we could create context entries for all BDFs, whether or not a
>> >>     device exists there
>> >
>> > As I said,  this maybe bring security issue. Even for the
>> > iommu-passthrough option,  it is also not suggested to be used if security 
> is
>> considered.
>> As said - it is clear that the basic thing here (using
>> "iommu=dom0-passthrough") is already weakening security. So security isn't
>> the concern in this discussion, that's left to whoever is intending to use 
> that
>> option.
> Okay,  I vote your option C if don't care security. 

Which, if I'm not mistaken, could be implemented entirely
independent of "iommu=dom0-passthrough". I'll see if that
helps on the offending system.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.