Xen project Mailing List

Re: Virtio in Xen on Arm (based on IOREQ concept)

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

From: Stefano Stabellini <sstabellini@xxxxxxxxxx>

Date: Mon, 20 Jul 2020 13:37:28 -0700 (PDT)

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Oleksandr Andrushchenko <andr2000@xxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Oleksandr <olekstysh@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, alex.bennee@xxxxxxxxxx, Artem Mygaiev <joculator@xxxxxxxxx>

Delivery-date: Mon, 20 Jul 2020 20:37:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, 20 Jul 2020, Roger Pau Monné wrote: > On Mon, Jul 20, 2020 at 10:40:40AM +0100, Julien Grall wrote: > > > > > > On 20/07/2020 10:17, Roger Pau Monné wrote: > > > On Fri, Jul 17, 2020 at 09:34:14PM +0300, Oleksandr wrote: > > > > On 17.07.20 18:00, Roger Pau Monné wrote: > > > > > On Fri, Jul 17, 2020 at 05:11:02PM +0300, Oleksandr Tyshchenko wrote: > > > > > Do you have any plans to try to upstream a modification to the VirtIO > > > > > spec so that grants (ie: abstract references to memory addresses) can > > > > > be used on the VirtIO ring? > > > > > > > > But VirtIO spec hasn't been modified as well as VirtIO infrastructure > > > > in the > > > > guest. Nothing to upsteam) > > > > > > OK, so there's no intention to add grants (or a similar interface) to > > > the spec? > > > > > > I understand that you want to support unmodified VirtIO frontends, but > > > I also think that long term frontends could negotiate with backends on > > > the usage of grants in the shared ring, like any other VirtIO feature > > > negotiated between the frontend and the backend. > > > > > > This of course needs to be on the spec first before we can start > > > implementing it, and hence my question whether a modification to the > > > spec in order to add grants has been considered. > > The problem is not really the specification but the adoption in the > > ecosystem. A protocol based on grant-tables would mostly only be used by Xen > > therefore: > > - It may be difficult to convince a proprietary OS vendor to invest > > resource on implementing the protocol > > - It would be more difficult to move in/out of Xen ecosystem. > > > > Both, may slow the adoption of Xen in some areas. > > Right, just to be clear my suggestion wasn't to force the usage of > grants, but whether adding something along this lines was in the > roadmap, see below. > > > If one is interested in security, then it would be better to work with the > > other interested parties. I think it would be possible to use a virtual > > IOMMU for this purpose. > > Yes, I've also heard rumors about using the (I assume VirtIO) IOMMU in > order to protect what backends can map. This seems like a fine idea, > and would allow us to gain the lost security without having to do the > whole work ourselves. > > Do you know if there's anything published about this? I'm curious > about how and where in the system the VirtIO IOMMU is/should be > implemented. Not yet (as far as I know), but we have just started some discussons on this topic within Linaro. You should also be aware that there is another proposal based on pre-shared-memory and memcpys to solve the virtio security issue: https://marc.info/?l=linux-kernel&m=158807398403549 It would be certainly slower than the "virtio IOMMU" solution but it would take far less time to develop and could work as a short-term stop-gap. (In my view the "virtio IOMMU" is the only clean solution to the problem long term.)

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.