[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node

To: Julien Grall <julien.grall@xxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Fri, 4 Apr 2014 11:48:01 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, tim@xxxxxxx, stefano.stabellini@xxxxxxxxxx
Delivery-date: Fri, 04 Apr 2014 10:48:35 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, 2014-04-04 at 11:39 +0100, Julien Grall wrote:
> On 04/04/2014 11:28 AM, Ian Campbell wrote:
> > On Fri, 2014-04-04 at 11:25 +0100, Julien Grall wrote:
> >> On 04/04/2014 10:40 AM, Ian Campbell wrote:
> >>
> >>> We really need to be able to manage this transition in a compatible way,
> >>> that means new kernels working on old hypervisors as well as old kernels
> >>> working on new hypervisors (it's obviously fine for this case to bounce
> >>> when it doesn't need to).
> >>
> >> It's not possible because a same platform can have both protected and
> >> non-protected devices. The Linux has to know in some way if the DMA has
> >> to be program with IPA or PA.
> > 
> > Then there must be a negotiation between Xen and the Linux kernel so Xen
> > can know which case to apply.
> > 
> > e.g. if the kernel does not advertise support for protected devices then
> > Xen must act as if no IOMMU was present.
> 
> How the kernel can say "I'm supporting IOMMU"? New hypercall?

On x86 we use the ELF notes to communicate it at build time. We don't
currently have a similar mechanism under ARM but perhaps we need to
invent one now.

There is also __HYPERVISOR_vm_assist which is/was used on PV x86 to
signal these sorts of things, if its not too late.

> Xen has to program the IOMMU quite early (e.g before Linux is booting
> and use the protected device).

In that case an ELF note type solution might be the only option.

However, since this stuff only comes to matter when the guest comes to
do grant mapping it might be that we can defer until runtime and require
that a modern kernel calls vm_assist before making any grant calls. If
it doesn't then it is assumed to be unable to cope with the iommu.

> Backporting my patch series to support protected devices is not a big
> deal. What about disabling IOMMU by default on ARM until a good support
> is made in Linux?

I'd rather avoid this if at all possible, upgrading Xen is not supposed
to require new dom0 kernel features and it is hard to describe "support
for protected devices" as a bug fix.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Julien Grall

References:
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Julien Grall
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Ian Campbell
- Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
Next by Date: Re: [Xen-devel] [PATCH v2] libxl: Implement basic video device selection
Previous by thread: Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
Next by thread: Re: [Xen-devel] [PATCH v3 12/13] xen/arm: Add the property "protected-devices" in the hypervisor node
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.