|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] iommu=dom0-passthrough behavior
> -----Original Message----- > From: Jan Beulich [mailto:JBeulich@xxxxxxxx] > Sent: Wednesday, November 14, 2012 9:40 PM > To: Zhang, Xiantao; Zhang, Yang Z > Cc: wei.huang2@xxxxxxx; weiwang.dd@xxxxxxxxx; xen-devel > Subject: RE: [Xen-devel] iommu=dom0-passthrough behavior > > >>> On 14.11.12 at 01:37, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> > wrote: > >> >> c) we could provide a command line option to allow fake devices to > >> >> be create > >> > > >> > Agree, this maybe a feasible solution I can figure out, so far. > >> > > >> >> d) we could create context entries for all BDFs, whether or not a > >> >> device exists there > >> > > >> > As I said, this maybe bring security issue. Even for the > >> > iommu-passthrough option, it is also not suggested to be used if > >> > security > > is > >> considered. > >> > >> As said - it is clear that the basic thing here (using > >> "iommu=dom0-passthrough") is already weakening security. So security > >> isn't the concern in this discussion, that's left to whoever is > >> intending to use > > that > >> option. > > > > Okay, I vote your option C if don't care security. > > Which, if I'm not mistaken, could be implemented entirely independent of > "iommu=dom0-passthrough". I'll see if that helps on the offending system. I mean this one: >>c) we could provide a command line option to allow fake devices to be create Yes, I don't think "iommu=dom0-passthrough" can meet your requirement. We had better add a cmd line option to pass the related information to hypervisor and VT-d can create the pass-through context entry for the undetectable device. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |