[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3] xen: expose that grant table mappings update the IOMMU



>>> On 08.04.14 at 10:58, <Ian.Campbell@xxxxxxxxxx> wrote:
> On Tue, 2014-04-08 at 09:56 +0100, Jan Beulich wrote:
>> >>> On 08.04.14 at 10:34, <Ian.Campbell@xxxxxxxxxx> wrote:
>> > On Mon, 2014-04-07 at 18:02 +0200, Roger Pau Monne wrote:
>> >> Add a new XENFEAT_hvm_gntmap_supports_iommu that is used to check
>> >> whether the hypervisor properly updates the IOMMU on auto-translated
>> >> guests when doing a grant table map/unmap operation.
>> > 
>> > Is it the case on x86 that all devices are behind the IOMMU?
> 
> I suppose I should have said "all DMA capable devices" or some such.
> 
>> All PCI ones are. If someone passes through a device through
>> raw MMIO/PIO/PIRQ ranges, then the IOMMU may or may not
>> be involved. But I don't think we formally consider this model
>> valid/supported/secure for HVM guests (and for PV guests it's
>> insecure anyway, due to not requiring an IOMMU in the first
>> place).
> 
> I was thinking of PVH dom0 here, which is the closest analogue to the
> ARM model.
> 
> Sounds like it might suffer from the same shortcomings as ARM has to
> deal with.

Except that on x86 there are hardly many DMA-capable non-PCI
devices, and even less one may want to consider passing through
to a guest.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.