[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Embedded-pv-devel] Driver domain under Xen

To: Julien Grall <julien.grall@xxxxxxxxxx>
From: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
Date: Fri, 23 Jan 2015 17:24:58 +0200
Cc: Lars Kurth <lars.kurth@xxxxxxxxxx>, Artem Mygaiev <artem.mygaiev@xxxxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Andrii Anisov <andrii.anisov@xxxxxxxxxxxxxxx>, Julien Grall <julien.grall@xxxxxxxxxx>, Oleksandr Tyshchenko <oleksandr.tyshchenko@xxxxxxxxxxxxxxx>, embedded-pv-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <Stefano.Stabellini@xxxxxxxxxx>
Delivery-date: Fri, 23 Jan 2015 15:25:08 +0000
List-id: <embedded-pv-devel.lists.xenproject.org>

On Fri, Jan 23, 2015 at 5:21 PM, Julien Grall <julien.grall@xxxxxxxxxx> wrote:
> On 23/01/15 15:13, Andrii Tseglytskyi wrote:
>> Hi Julien,
>>
>> On Fri, Jan 23, 2015 at 5:01 PM, Julien Grall <julien.grall@xxxxxxxxxx> 
>> wrote:
>>> On 23/01/15 14:56, Andrii Tseglytskyi wrote:
>>>> Thank you for your interest. I hope we will upstream some of changes.
>>>> To make driver domain running we need to have it memory 1 to 1 mapped.
>>>> And we did some changes to have a possibility to map *any* domain 1 to
>>>> 1 if needed. This requires hypervisor + toolstack changes. This is the
>>>> best candidate for upstream as soon as it will be rewritten properly
>>>> :) Oleksandr Tyschenko is now working on this.
>>>
>>> I'm concerned about a such change in Xen upstream. Any device
>>> passthrough to a domain should be protected by IOMMU.
>>>
>>> Using the 1:1 mapping means you want to passthrough a non-protected
>>> device. So the driver domain could issue a DMA request to override any
>>> part of the memory (such as Xen or DOM0).
>>
>> Using DMA is an idea here. We don't have SMMU support on our platform.
>
> Without SMMU support, DMA request is unsafe. If someone break into the
> driver domain, it will be able to access the whole platform. You will
> have to trust the driver domain (like we do for DOM0).
>
> In general, any platform without SMMU/IOMMU support is not safe for any
> kind of device passthrough.
>

Agree with everything you are noticing. But as soon as we don't have a
SMMU - no way for us except trusting driver domain like dom0 and use
DMA + SWIOTLB as is.

> Regards,
>
> --
> Julien Grall



-- 

Andrii Tseglytskyi | Lead engineer
GlobalLogic
www.globallogic.com

_______________________________________________
Embedded-pv-devel mailing list
Embedded-pv-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/embedded-pv-devel

References:
- Re: [Embedded-pv-devel] Driver domain under Xen
  - From: Andrii Tseglytskyi
- Re: [Embedded-pv-devel] Driver domain under Xen
  - From: Julien Grall

Prev by Date: Re: [Embedded-pv-devel] Driver domain under Xen
Next by Date: Re: [Embedded-pv-devel] Driver domain under Xen
Previous by thread: Re: [Embedded-pv-devel] Driver domain under Xen
Next by thread: Re: [Embedded-pv-devel] Driver domain under Xen
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.