
Re: [Embedded-pv-devel] Driver domain under Xen



On Fri, Jan 23, 2015 at 5:21 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
> On 23/01/15 15:13, Andrii Tseglytskyi wrote:
>> Hi Julien,
>>
>> On Fri, Jan 23, 2015 at 5:01 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
>>> On 23/01/15 14:56, Andrii Tseglytskyi wrote:
>>>> Thank you for your interest. I hope we will upstream some of the changes.
>>>> To make the driver domain run we need to have its memory 1 to 1 mapped.
>>>> And we did some changes to have a possibility to map *any* domain 1 to
>>>> 1 if needed. This requires hypervisor + toolstack changes. This is the
>>>> best candidate for upstream as soon as it is rewritten properly
>>>> :) Oleksandr Tyschenko is now working on this.
>>>
>>> I'm concerned about such a change in Xen upstream. Any device
>>> passthrough to a domain should be protected by IOMMU.
>>>
>>> Using the 1:1 mapping means you want to pass through a non-protected
>>> device. So the driver domain could issue a DMA request to override any
>>> part of the memory (such as Xen or DOM0).
>>
>> Using DMA is an idea here. We don't have SMMU support on our platform.
>
> Without SMMU support, a DMA request is unsafe. If someone breaks into the
> driver domain, they will be able to access the whole platform. You will
> have to trust the driver domain (like we do for DOM0).
>
> In general, any platform without SMMU/IOMMU support is not safe for any
> kind of device passthrough.
>

Agree with everything you are noticing. But as long as we don't have an
SMMU, there is no way for us except trusting the driver domain like dom0 and
using DMA + SWIOTLB as is.

> Regards,
>
> --
> Julien Grall



-- 

Andrii Tseglytskyi | Lead engineer
GlobalLogic
www.globallogic.com

_______________________________________________
Embedded-pv-devel mailing list
Embedded-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/embedded-pv-devel


 

