[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Simple Query on PCI passthrough I/O
> Thanks a lot for all your responses - Chris, Mark and Joseph. They really > help me. > A few followup questions from your responses. > > > * ... unless you are using VT-d, in which case you can pass the PCI > > device to > > an HVM guest without that guest being able to stomp all over memory. > > Patches > > to support this for PV guests are in development but not done yet. > > I'm running a PV. Does this mean I wont be able to do pass through I/O? Under PV you can pass through IO. It just means that the guest with the passed-through card is as trusted as dom0. i.e. the guest with the PCI card can potentially read and write all memory in the machine, take control of anything, etc, if controlled by a sufficiently determined attacker. Dom0 already has this much power. Giving a domU a PCI device does not give it *permission* to do these things, so it's technically more limited than dom0. However, it can (in principle) abuse the PCI device to break the system and thereby get these powers. This is not a problem as long as you trust the administrator in the domU and it does not get hacked. Otherwise, it could try to escalate its privileges. Patches to limit PV guests using VT-d hardware where available have been reposted to the mailing list today, so that capability may be in the next Xen release. Not helpful to people without that hardware, sadly. > > * Don't try to xm pause, save or suspend the guest with the PCI card! > > Bad things may well happen ;-) You shouldn't pause a guest with a PCI card (or save or suspend it) because you might interrupt it whilst it's doing something important with the hardware. Potentially this can break your system. Migrating has the same problem but also the guest would be confused to arrive on another machine without the PCI device it was using, so it wouldn't be a good idea anyhow. Occasionally people have accidentally suspended a domU (the Xendomains init script does this on dom0 shutdown on some systems, for instance - it's worth making sure this won't happen!) that had a PCI device attached. This caused problems - most recently, I guy had dom0 lose access to the hard disk. The reason was that the guest was leaving an interrupt line masked when it shutdown - that interrupt line was shared with dom0's hard drive controller. Best to just assume that any domain with hardware access needs to either be running or shut down cleanly. xm destroy-ing one is possible but probably not recommended unless necessary, because similar problems could occur. This was never a problem on my own test machine but your mileage may vary on different hardware. > > > > * You need to be running a dom0 kernel in the guest with the PCI card. > > Whoa! I did not know this either. Again what are the reasons? Kindly let me > know. Regarding the kernel version. You don't necessarily need to be running the same kernel as dom0. But you do need to be running a dom0-capable kernel because domU-only kernels lack hardware support. Finally, I'll note that you can't run a really old kernel in a domU with PCI passthrough because the dom0 (aka privileged) interfaces were stabilised later on than the domU interfaces, so if your kernel is too old it may not work. Sorry if that all sounds horribly dire. Plenty of people have been using PCI passthrough on all sorts of systems for years now, quite happily. It's not like it's a highly dangerous activity. But it's one of the more technical aspects of Xen to set up and it's worth you knowing the various issues associated with deploying it. Cheers, Mark -- Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/) _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |