[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3] xen: expose that grant table mappings update the IOMMU



On Tue, 2014-04-08 at 10:53 +0100, Jan Beulich wrote:
> >>> On 08.04.14 at 10:58, <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Tue, 2014-04-08 at 09:56 +0100, Jan Beulich wrote:
> >> >>> On 08.04.14 at 10:34, <Ian.Campbell@xxxxxxxxxx> wrote:
> >> > On Mon, 2014-04-07 at 18:02 +0200, Roger Pau Monne wrote:
> >> >> Add a new XENFEAT_hvm_gntmap_supports_iommu that is used to check
> >> >> whether the hypervisor properly updates the IOMMU on auto-translated
> >> >> guests when doing a grant table map/unmap operation.
> >> > 
> >> > Is it the case on x86 that all devices are behind the IOMMU?
> > 
> > I suppose I should have said "all DMA capable devices" or some such.
> > 
> >> All PCI ones are. If someone passes through a device through
> >> raw MMIO/PIO/PIRQ ranges, then the IOMMU may or may not
> >> be involved. But I don't think we formally consider this model
> >> valid/supported/secure for HVM guests (and for PV guests it's
> >> insecure anyway, due to not requiring an IOMMU in the first
> >> place).
> > 
> > I was thinking of PVH dom0 here, which is the closest analogue to the
> > ARM model.
> > 
> > Sounds like it might suffer from the same shortcomings as ARM has to
> > deal with.
> 
> Except that on x86 there are hardly many DMA-capable non-PCI
> devices,

Sure.

> and even less one may want to consider passing through
> to a guest.

Again, PVH dom0 is my concern here. By default you would expect dom0 to
get given almost everything in the platform, including things which you
might not normally pass through to a guest.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.