[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] iommu=dom0-passthrough behavior

To: "Xiantao Zhang" <xiantao.zhang@xxxxxxxxx>, "Yang Z Zhang" <yang.z.zhang@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 15 Nov 2012 09:05:33 +0000
Cc: "wei.huang2@xxxxxxx" <wei.huang2@xxxxxxx>, "weiwang.dd@xxxxxxxxx" <weiwang.dd@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 15 Nov 2012 09:05:52 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 15.11.12 at 09:23, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote:

> 
>> -----Original Message-----
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> Sent: Wednesday, November 14, 2012 9:40 PM
>> To: Zhang, Xiantao; Zhang, Yang Z
>> Cc: wei.huang2@xxxxxxx; weiwang.dd@xxxxxxxxx; xen-devel
>> Subject: RE: [Xen-devel] iommu=dom0-passthrough behavior
>> 
>> >>> On 14.11.12 at 01:37, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
>> wrote:
>> >> >> c) we could provide a command line option to allow fake devices to
>> >> >>     be create
>> >> >
>> >> > Agree, this maybe a feasible solution I can figure out, so far.
>> >> >
>> >> >> d) we could create context entries for all BDFs, whether or not a
>> >> >>     device exists there
>> >> >
>> >> > As I said,  this maybe bring security issue. Even for the
>> >> > iommu-passthrough option,  it is also not suggested to be used if
>> >> > security
>> > is
>> >> considered.
>> >>
>> >> As said - it is clear that the basic thing here (using
>> >> "iommu=dom0-passthrough") is already weakening security. So security
>> >> isn't the concern in this discussion, that's left to whoever is
>> >> intending to use
>> > that
>> >> option.
>> >
>> > Okay,  I vote your option C if don't care security.
>> 
>> Which, if I'm not mistaken, could be implemented entirely independent of
>> "iommu=dom0-passthrough". I'll see if that helps on the offending system.
> 
> I mean this one: 
>>>c) we could provide a command line option to allow fake devices to be create
> 
> Yes,  I don't think "iommu=dom0-passthrough" can meet your requirement.
>  We had better add a cmd line option to  pass the related information to 
> hypervisor and VT-d can create 
> the pass-through context entry  for the undetectable device.  

You misunderstood: What I was saying (and seeking confirmation)
is that I don't think the new command line option would need to
have any connection to the existing, non-suitable one. In
particular, for it to take effect, "iommu=dom0-passthrough"
wouldn't need to be specified at all.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao

References:
- [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Yang Z
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Yang Z
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao

Prev by Date: Re: [Xen-devel] [PATCH 0/4] Implement persistent grant in xen-netfront/netback
Next by Date: Re: [Xen-devel] [PATCH 1/4] xen/netback: implements persistent grant with one page pool.
Previous by thread: Re: [Xen-devel] iommu=dom0-passthrough behavior
Next by thread: Re: [Xen-devel] iommu=dom0-passthrough behavior
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.