
Re: [Xen-devel] iommu=dom0-passthrough behavior




> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Wednesday, November 14, 2012 9:40 PM
> To: Zhang, Xiantao; Zhang, Yang Z
> Cc: wei.huang2@xxxxxxx; weiwang.dd@xxxxxxxxx; xen-devel
> Subject: RE: [Xen-devel] iommu=dom0-passthrough behavior
> 
> >>> On 14.11.12 at 01:37, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
> wrote:
> >> >> c) we could provide a command line option to allow fake devices to
> >> >>     be created
> >> >
> >> > Agreed, this may be a feasible solution I can figure out, so far.
> >> >
> >> >> d) we could create context entries for all BDFs, whether or not a
> >> >>     device exists there
> >> >
> >> > As I said, this may bring a security issue. Even for the
> >> > iommu-passthrough option, it is also not suggested to be used if
> >> > security is considered.
> >>
> >> As said - it is clear that the basic thing here (using
> >> "iommu=dom0-passthrough") is already weakening security. So security
> >> isn't the concern in this discussion, that's left to whoever is
> >> intending to use that option.
> >
> > Okay, I vote for your option C if we don't care about security.
> 
> Which, if I'm not mistaken, could be implemented entirely independent of
> "iommu=dom0-passthrough". I'll see if that helps on the offending system.

I mean this one:
>> c) we could provide a command line option to allow fake devices to be created

Yes, I don't think "iommu=dom0-passthrough" can meet your requirement.
We had better add a cmd line option to pass the related information to the
hypervisor, and VT-d can create the pass-through context entry for the
undetectable device.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

