[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 08/17] SUPPORT.md: Add x86-specific virtual hardware

On 11/27/2017 03:12 PM, Anthony PERARD wrote:
> On Wed, Nov 22, 2017 at 07:20:15PM +0000, George Dunlap wrote:
>> x86-specific virtual hardware provided by the hypervisor, toolstack,
>> or QEMU.
>>
>> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
>> ---
>> Changes since v2:
>> - Updated Nested PV / HVM sections
>> - Removed AVX section
>> - EFI -> OVMF
>>
>> Changes since v1:
>> - Added emulated QEMU support, to replace docs/misc/qemu-xen-security.
>>
>> Need to figure out what to do with the "backing storage image format"
>> section of that document.
>>
>> CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
>> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
>> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> CC: Jan Beulich <jbeulich@xxxxxxxx>
>> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
>> CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx>
>> CC: Tim Deegan <tim@xxxxxxx>
>> CC: Roger Pau Monne <roger.pau@xxxxxxxxxx>
>> CC: Anthony Perard <anthony.perard@xxxxxxxxxx>
>> CC: Paul Durrant <paul.durrant@xxxxxxxxxx>
>> ---
>>  SUPPORT.md | 105 
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 105 insertions(+)
>>
>> diff --git a/SUPPORT.md b/SUPPORT.md
>> index 96c381fb55..98ed18098a 100644
>> --- a/SUPPORT.md
>> +++ b/SUPPORT.md
>> @@ -373,6 +373,111 @@ but has no xl support.
>>  
>>      Status: Supported
>>  
>> +## Virtual Hardware, Hypervisor
>> +
>> +### x86/Nested PV
>> +
>> +    Status, x86 Xen HVM: Tech Preview
>> +
>> +This means running a Xen hypervisor inside an HVM domain on a Xen system,
>> +with support for PV L2 guests only
>> +(i.e., hardware virtualization extensions not provided
>> +to the guest).
>> +
>> +This works, but has performance limitations
>> +because the L1 dom0 can only access emulated L1 devices.
>> +
>> +Xen may also run inside other hypervisors (KVM, Hyper-V, VMWare),
>> +but nobody has reported on performance.
>> +
>> +### x86/Nested HVM
>> +
>> +    Status, x86 HVM: Experimental
>> +
>> +This means providing hardware virtulatization support to guest VMs
>> +allowing, for instance, a nested Xen to support both PV and HVM guests.
>> +It also implies support for other hypervisors,
>> +such as KVM, Hyper-V, Bromium, and so on as guests.
>> +
>> +### vPMU
>> +
>> +    Status, x86: Supported, Not security supported
>> +
>> +Virtual Performance Management Unit for HVM guests
>> +
>> +Disabled by default (enable with hypervisor command line option).
>> +This feature is not security supported: see 
>> http://xenbits.xen.org/xsa/advisory-163.html
>> +
>> +## Virtual Hardware, QEMU
>> +
>> +These are devices available in HVM mode using a qemu devicemodel (the 
>> default).
>> +Note that other devices are available but not security supported.
>> +
>> +### x86/Emulated platform devices (QEMU):
>> +
>> +    Status, piix3: Supported
>> +
>> +### x86/Emulated network (QEMU):
>> +
>> +    Status, e1000: Supported
>> +    Status, rtl8193: Supported
>> +    Status, virtio-net: Supported
>> +
>> +### x86/Emulated storage (QEMU):
>> +
>> +    Status, piix3 ide: Supported
>> +    Status, ahci: Supported
>> +
>> +### x86/Emulated graphics (QEMU):
>> +
>> +    Status, cirrus-vga: Supported
>> +    Status, stgvga: Supported
>> +
>> +### x86/Emulated audio (QEMU):
>> +
>> +    Status, sb16: Supported
>> +    Status, es1370: Supported
>> +    Status, ac97: Supported
>> +
>> +### x86/Emulated input (QEMU):
>> +
>> +    Status, usbmouse: Supported
>> +    Status, usbtablet: Supported
>> +    Status, ps/2 keyboard: Supported
>> +    Status, ps/2 mouse: Supported
>> +
>> +### x86/Emulated serial card (QEMU):
>> +
>> +    Status, UART 16550A: Supported
>> +
>> +### x86/Host USB passthrough (QEMU):
>> +
>> +    Status: Supported, not security supported
>> +
>> +## Virtual Firmware
>> +
>> +### x86/HVM iPXE
>> +
>> +    Status: Supported, with caveats
>> +
>> +Booting a guest via PXE.
>> +PXE inherently places full trust of the guest in the network,
>> +and so should only be used
>> +when the guest network is under the same administrative control
>> +as the guest itself.
>> +
>> +### x86/HVM BIOS
>> +
>> +    Status: Supported
>> +
>> +Booting a guest via guest BIOS firmware
> 
> Should we mention that the supported BIOS are either SeaBIOS or ROMBIOS
> like it is done bellow for UEFI?

What about something like this:

---
### x86/HVM BIOS

    Status, SeaBIOS (qemu-xen): Supported
    Status, ROMBIOS (qemu-xen-traditional): Supported

Booting a guest via guest BIOS firmware
---

Hmm, but that rather implies that we should change OVMF to the following:

---
### x86/HVM OVMF

    Status, qemu-xen: Supported

OVMF firmware implements the UEFI boot protocol.
---


What do you think?

  -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.