Re: [Xen-devel] [PATCH v3 08/17] SUPPORT.md: Add x86-specific virtual hardware
On Mon, Nov 27, 2017 at 04:30:36PM +0000, George Dunlap wrote: > On 11/27/2017 03:12 PM, Anthony PERARD wrote: > > On Wed, Nov 22, 2017 at 07:20:15PM +0000, George Dunlap wrote: > >> x86-specific virtual hardware provided by the hypervisor, toolstack, > >> or QEMU. > >> > >> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> > >> --- > >> Changes since v2: > >> - Updated Nested PV / HVM sections > >> - Removed AVX section > >> - EFI -> OVMF > >> > >> Changes since v1: > >> - Added emulated QEMU support, to replace docs/misc/qemu-xen-security. > >> > >> Need to figure out what to do with the "backing storage image format" > >> section of that document. > >> > >> CC: Ian Jackson <ian.jackson@xxxxxxxxxx> > >> CC: Wei Liu <wei.liu2@xxxxxxxxxx> > >> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > >> CC: Jan Beulich <jbeulich@xxxxxxxx> > >> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > >> CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx> > >> CC: Tim Deegan <tim@xxxxxxx> > >> CC: Roger Pau Monne <roger.pau@xxxxxxxxxx> > >> CC: Anthony Perard <anthony.perard@xxxxxxxxxx> > >> CC: Paul Durrant <paul.durrant@xxxxxxxxxx> > >> --- > >> SUPPORT.md | 105 > >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > >> 1 file changed, 105 insertions(+) > >> > >> diff --git a/SUPPORT.md b/SUPPORT.md > >> index 96c381fb55..98ed18098a 100644 > >> --- a/SUPPORT.md > >> +++ b/SUPPORT.md 
> >> @@ -373,6 +373,111 @@ but has no xl support. > >> > >> Status: Supported > >> > >> +## Virtual Hardware, Hypervisor > >> + > >> +### x86/Nested PV > >> + > >> + Status, x86 Xen HVM: Tech Preview > >> + > >> +This means running a Xen hypervisor inside an HVM domain on a Xen system, > >> +with support for PV L2 guests only > >> +(i.e., hardware virtualization extensions not provided > >> +to the guest). > >> + > >> +This works, but has performance limitations > >> +because the L1 dom0 can only access emulated L1 devices. > >> + > >> +Xen may also run inside other hypervisors (KVM, Hyper-V, VMWare), > >> +but nobody has reported on performance. > >> + > >> +### x86/Nested HVM > >> + > >> + Status, x86 HVM: Experimental > >> + > >> +This means providing hardware virtulatization support to guest VMs > >> +allowing, for instance, a nested Xen to support both PV and HVM guests. > >> +It also implies support for other hypervisors, > >> +such as KVM, Hyper-V, Bromium, and so on as guests. > >> + > >> +### vPMU > >> + > >> + Status, x86: Supported, Not security supported > >> + > >> +Virtual Performance Management Unit for HVM guests > >> + > >> +Disabled by default (enable with hypervisor command line option). > >> +This feature is not security supported: see > >> http://xenbits.xen.org/xsa/advisory-163.html > >> + > >> +## Virtual Hardware, QEMU > >> + > >> +These are devices available in HVM mode using a qemu devicemodel (the > >> default). > >> +Note that other devices are available but not security supported. 
> >> + > >> +### x86/Emulated platform devices (QEMU): > >> + > >> + Status, piix3: Supported > >> + > >> +### x86/Emulated network (QEMU): > >> + > >> + Status, e1000: Supported > >> + Status, rtl8193: Supported > >> + Status, virtio-net: Supported > >> + > >> +### x86/Emulated storage (QEMU): > >> + > >> + Status, piix3 ide: Supported > >> + Status, ahci: Supported > >> + > >> +### x86/Emulated graphics (QEMU): > >> + > >> + Status, cirrus-vga: Supported > >> + Status, stgvga: Supported > >> + > >> +### x86/Emulated audio (QEMU): > >> + > >> + Status, sb16: Supported > >> + Status, es1370: Supported > >> + Status, ac97: Supported > >> + > >> +### x86/Emulated input (QEMU): > >> + > >> + Status, usbmouse: Supported > >> + Status, usbtablet: Supported > >> + Status, ps/2 keyboard: Supported > >> + Status, ps/2 mouse: Supported > >> + > >> +### x86/Emulated serial card (QEMU): > >> + > >> + Status, UART 16550A: Supported > >> + > >> +### x86/Host USB passthrough (QEMU): > >> + > >> + Status: Supported, not security supported > >> + > >> +## Virtual Firmware > >> + > >> +### x86/HVM iPXE > >> + > >> + Status: Supported, with caveats > >> + > >> +Booting a guest via PXE. > >> +PXE inherently places full trust of the guest in the network, > >> +and so should only be used > >> +when the guest network is under the same administrative control > >> +as the guest itself. > >> + > >> +### x86/HVM BIOS > >> + > >> + Status: Supported > >> + > >> +Booting a guest via guest BIOS firmware > > > > Should we mention that the supported BIOS are either SeaBIOS or ROMBIOS > > like it is done bellow for UEFI? 
>
> What about something like this:
>
> ---
> ### x86/HVM BIOS
>
> Status, SeaBIOS (qemu-xen): Supported
> Status, ROMBIOS (qemu-xen-traditional): Supported
>
> Booting a guest via guest BIOS firmware
> ---
>
> Hmm, but that rather implies that we should change OVMF to the following:
>
> ---
> ### x86/HVM OVMF
>
> Status, qemu-xen: Supported
>
> OVMF firmware implements the UEFI boot protocol.
> ---
>
>
> What do you think?

Sounds good to me.

-- 
Anthony PERARD
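
Review bot: Two device names in the QEMU sections look misspelled, which matters in a document that defines the security-support boundary: under "x86/Emulated network (QEMU)", "rtl8193" should presumably be "rtl8139", and under "x86/Emulated graphics (QEMU)", "stgvga" should presumably be "stdvga". As written, neither entry names a device model a user can select, so it is unclear which NIC and VGA models are actually covered. In the same pass, fix "virtulatization" in the Nested HVM text, name the hypervisor command line option that enables vPMU rather than only saying that one exists, and make the capitalisation of "Not security supported" (vPMU) and "not security supported" (Host USB passthrough) consistent. The QEMU and firmware headings also differ in style: the "x86/Emulated ... (QEMU):" headings end in a colon while "x86/Nested PV", "vPMU" and "x86/HVM BIOS" do not.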