[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [xen-summit-2019] Virtio Design Session

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Thu, 25 Jul 2019 13:16:30 +0100
Cc: Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "lars.kurth@xxxxxxxxxx" <lars.kurth@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Thu, 25 Jul 2019 12:16:37 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi,

Sorry I forgot the CC xen-devel.

On 25/07/2019 13:15, Julien Grall wrote:

Hi all,
I don't have the e-mail address of all the attendees. Feel free to CC/forward toanyone that should be involved.
First all thank you Artem for taking the notes. I tried to summarize them below.Please let me know if I missed anything or wrongly summarized.
There was some interest to get virtio running on Xen. The scope was HVM/PVH/ARMguests so existing transport (MMIO/PCI) can be re-used.
The topics discussed were:

    * Restricting virtio backend for guest memory access
At the moment, virtio backend has full access to the guest memory. Somestakeholders using Xen (or other hypervisors) are concern about the securityimpact. Two solutions have been suggested here:
       - Implement using grant-table (Suggested by Juergen Gross)
       - Use Virtio-IOMMU or a Xen PV IOMMU
Dave Woodhouse, would be interested to see a diagram for PV IOMMU to dotranslation. The backend for PV IOMMU would have to reside in Xen.
A cross-hypervisor solution would be ideal. We need to involve people outside ofXen (Genevi? Matti? Gunnar?) and virtio specialists from Linux kernel (PaoloBonzini? Michael Tsirkin?)
   * Virtio frontend in Linux by-passing the DMA API
In order to implement a virtual IOMMU, virtio would have to use DMA API. DavidWoodhouse suggested this was fix in recent kernel. We need to check if this thecase or fix it.
   * Backend memory exhaustion (XSA-300)
While this is not virtio specific, this is a blocker for general usuability onArm and x86 PVH dom0.
   * State of Art
Xen x86 contains most of the pieces to be able to use basic virtio MMIO/PCI. Theremaining bits are tools support for the configuration
Xen Arm requires implementation to forward guest MMIO access to a device model(aka IOREQ). Most of the code could be re-used from x86. I have a PoC for thiswhich has been shared privately with EPAM so far.
   * Next Steps/Actions

      - Send out Arm IOREQ support
     - Partial PCI emulator for Arm
     - Xen tools support for configuration
     - Start discussion on security side involving people outside Xen.

Cheers,


--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Prev by Date: Re: [Xen-devel] [PATCH 1/2] x86/iommu: avoid mapping the interrupt address range for hwdom
Next by Date: Re: [Xen-devel] CPU frequency throttling based on the temperature
Previous by thread: [Xen-devel] [libvirt test] 139328: regressions - FAIL
Next by thread: [Xen-devel] [linux-linus test] 139324: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.