
Re: [Embedded-pv-devel] Driver domain under Xen



On 23/01/15 15:13, Andrii Tseglytskyi wrote:
> Hi Julien,
> 
> On Fri, Jan 23, 2015 at 5:01 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
>> On 23/01/15 14:56, Andrii Tseglytskyi wrote:
>>> Thank you for your interest. I hope we will upstream some of the changes.
>>> To make the driver domain run we need to have its memory 1 to 1 mapped.
>>> And we did some changes to have a possibility to map *any* domain 1 to
>>> 1 if needed. This requires hypervisor + toolstack changes. This is the
>>> best candidate for upstream as soon as it is rewritten properly
>>> :) Oleksandr Tyschenko is now working on this.
>>
>> I'm concerned about such a change in Xen upstream. Any device
>> passthrough to a domain should be protected by IOMMU.
>>
>> Using the 1:1 mapping means you want to pass through a non-protected
>> device. So the driver domain could issue a DMA request to override any
>> part of the memory (such as Xen or DOM0).
> 
> Using DMA is an idea here. We don't have SMMU support on our platform.

Without SMMU support, a DMA request is unsafe. If someone breaks into the
driver domain, they will be able to access the whole platform. You will
have to trust the driver domain (like we do for DOM0).

In general, any platform without SMMU/IOMMU support is not safe for any
kind of device passthrough.

Regards,

-- 
Julien Grall

_______________________________________________
Embedded-pv-devel mailing list
Embedded-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/embedded-pv-devel
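
An added illustration of the argument in this message (not code from the thread or from Xen): a toy C model of where a DMA write from a device assigned to a 1:1-mapped driver domain can land, with and without an SMMU. The memory map, addresses and function names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy memory map: owners, bases and sizes are illustrative only. */
enum owner { XEN, DOM0, DRIVER_DOM };
struct region { uint64_t base, size; enum owner owner; };

static const struct region memmap[] = {
    { 0x80000000ULL, 0x00200000ULL, XEN        },
    { 0x80200000ULL, 0x10000000ULL, DOM0       },
    { 0x90200000ULL, 0x08000000ULL, DRIVER_DOM },
};
#define NREGIONS (sizeof(memmap) / sizeof(memmap[0]))

/* Return the RAM region that contains addr, or NULL if none does. */
static const struct region *lookup(uint64_t addr)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        const struct region *r = &memmap[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r;
    }
    return NULL;
}

/*
 * Does a DMA write to bus_addr, issued by a device assigned to dom, reach RAM?
 * Without an SMMU the bus address is used as the physical address unchecked.
 * With an SMMU only the domain's own pages are mapped (identity mappings in
 * the 1:1 case), so any other target faults.
 */
static bool dma_write_allowed(enum owner dom, uint64_t bus_addr, bool has_smmu)
{
    const struct region *r = lookup(bus_addr);
    if (r == NULL)
        return false;          /* no RAM behind this address */
    if (!has_smmu)
        return true;           /* nothing filters the transaction */
    return r->owner == dom;    /* translation exists only for own pages */
}

int main(void)
{
    uint64_t xen = memmap[0].base;  /* a page inside the hypervisor's region */
    printf("no SMMU: %d\n", dma_write_allowed(DRIVER_DOM, xen, false));
    printf("SMMU:    %d\n", dma_write_allowed(DRIVER_DOM, xen, true));
    return 0;
}
```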
