[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 08/17] SUPPORT.md: Add x86-specific virtual hardware



On Mon, Nov 27, 2017 at 04:30:36PM +0000, George Dunlap wrote:
> On 11/27/2017 03:12 PM, Anthony PERARD wrote:
> > On Wed, Nov 22, 2017 at 07:20:15PM +0000, George Dunlap wrote:
> >> x86-specific virtual hardware provided by the hypervisor, toolstack,
> >> or QEMU.
> >>
> >> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> >> ---
> >> Changes since v2:
> >> - Updated Nested PV / HVM sections
> >> - Removed AVX section
> >> - EFI -> OVMF
> >>
> >> Changes since v1:
> >> - Added emulated QEMU support, to replace docs/misc/qemu-xen-security.
> >>
> >> Need to figure out what to do with the "backing storage image format"
> >> section of that document.
> >>
> >> CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
> >> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> >> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> >> CC: Jan Beulich <jbeulich@xxxxxxxx>
> >> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> >> CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx>
> >> CC: Tim Deegan <tim@xxxxxxx>
> >> CC: Roger Pau Monne <roger.pau@xxxxxxxxxx>
> >> CC: Anthony Perard <anthony.perard@xxxxxxxxxx>
> >> CC: Paul Durrant <paul.durrant@xxxxxxxxxx>
> >> ---
> >>  SUPPORT.md | 105 
> >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >>  1 file changed, 105 insertions(+)
> >>
> >> diff --git a/SUPPORT.md b/SUPPORT.md
> >> index 96c381fb55..98ed18098a 100644
> >> --- a/SUPPORT.md
> >> +++ b/SUPPORT.md
> >> @@ -373,6 +373,111 @@ but has no xl support.
> >>  
> >>      Status: Supported
> >>  
> >> +## Virtual Hardware, Hypervisor
> >> +
> >> +### x86/Nested PV
> >> +
> >> +    Status, x86 Xen HVM: Tech Preview
> >> +
> >> +This means running a Xen hypervisor inside an HVM domain on a Xen system,
> >> +with support for PV L2 guests only
> >> +(i.e., hardware virtualization extensions not provided
> >> +to the guest).
> >> +
> >> +This works, but has performance limitations
> >> +because the L1 dom0 can only access emulated L1 devices.
> >> +
> >> +Xen may also run inside other hypervisors (KVM, Hyper-V, VMWare),
> >> +but nobody has reported on performance.
> >> +
> >> +### x86/Nested HVM
> >> +
> >> +    Status, x86 HVM: Experimental
> >> +
> >> +This means providing hardware virtulatization support to guest VMs
> >> +allowing, for instance, a nested Xen to support both PV and HVM guests.
> >> +It also implies support for other hypervisors,
> >> +such as KVM, Hyper-V, Bromium, and so on as guests.
> >> +
> >> +### vPMU
> >> +
> >> +    Status, x86: Supported, Not security supported
> >> +
> >> +Virtual Performance Management Unit for HVM guests
> >> +
> >> +Disabled by default (enable with hypervisor command line option).
> >> +This feature is not security supported: see 
> >> http://xenbits.xen.org/xsa/advisory-163.html
> >> +
> >> +## Virtual Hardware, QEMU
> >> +
> >> +These are devices available in HVM mode using a qemu devicemodel (the 
> >> default).
> >> +Note that other devices are available but not security supported.
> >> +
> >> +### x86/Emulated platform devices (QEMU):
> >> +
> >> +    Status, piix3: Supported
> >> +
> >> +### x86/Emulated network (QEMU):
> >> +
> >> +    Status, e1000: Supported
> >> +    Status, rtl8193: Supported
> >> +    Status, virtio-net: Supported
> >> +
> >> +### x86/Emulated storage (QEMU):
> >> +
> >> +    Status, piix3 ide: Supported
> >> +    Status, ahci: Supported
> >> +
> >> +### x86/Emulated graphics (QEMU):
> >> +
> >> +    Status, cirrus-vga: Supported
> >> +    Status, stgvga: Supported
> >> +
> >> +### x86/Emulated audio (QEMU):
> >> +
> >> +    Status, sb16: Supported
> >> +    Status, es1370: Supported
> >> +    Status, ac97: Supported
> >> +
> >> +### x86/Emulated input (QEMU):
> >> +
> >> +    Status, usbmouse: Supported
> >> +    Status, usbtablet: Supported
> >> +    Status, ps/2 keyboard: Supported
> >> +    Status, ps/2 mouse: Supported
> >> +
> >> +### x86/Emulated serial card (QEMU):
> >> +
> >> +    Status, UART 16550A: Supported
> >> +
> >> +### x86/Host USB passthrough (QEMU):
> >> +
> >> +    Status: Supported, not security supported
> >> +
> >> +## Virtual Firmware
> >> +
> >> +### x86/HVM iPXE
> >> +
> >> +    Status: Supported, with caveats
> >> +
> >> +Booting a guest via PXE.
> >> +PXE inherently places full trust of the guest in the network,
> >> +and so should only be used
> >> +when the guest network is under the same administrative control
> >> +as the guest itself.
> >> +
> >> +### x86/HVM BIOS
> >> +
> >> +    Status: Supported
> >> +
> >> +Booting a guest via guest BIOS firmware
> > 
> > Should we mention that the supported BIOS are either SeaBIOS or ROMBIOS
> > like it is done bellow for UEFI?
> 
> What about something like this:
> 
> ---
> ### x86/HVM BIOS
> 
>     Status, SeaBIOS (qemu-xen): Supported
>     Status, ROMBIOS (qemu-xen-traditional): Supported
> 
> Booting a guest via guest BIOS firmware
> ---
> 
> Hmm, but that rather implies that we should change OVMF to the following:
> 
> ---
> ### x86/HVM OVMF
> 
>     Status, qemu-xen: Supported
> 
> OVMF firmware implements the UEFI boot protocol.
> ---
> 
> 
> What do you think?

Sounds good to me.

-- 
Anthony PERARD

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.