
Re: [PATCH 1/2] docs/designs/launch: hyperlaunch design document


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 18 Mar 2021 17:43:38 +0100
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <christopher.w.clark@xxxxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <stefano.stabellini@xxxxxxxxxx>, <jgrall@xxxxxxxxxx>, <Julien.grall.oss@xxxxxxxxx>, <iwj@xxxxxxxxxxxxxx>, <wl@xxxxxxx>, <george.dunlap@xxxxxxxxxx>, <jbeulich@xxxxxxxx>, <persaur@xxxxxxxxx>, <Bertrand.Marquis@xxxxxxx>, <luca.fancellu@xxxxxxx>, <paul@xxxxxxx>, <adam.schwalm@xxxxxxxxxx>
  • Delivery-date: Thu, 18 Mar 2021 16:44:06 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Just took a quick look at it.

On Mon, Mar 15, 2021 at 11:18:13PM -0400, Daniel P. Smith wrote:
> + 
> +---------------+-----------+------------+-----------+-------------+---------------------+
> + | **Xen Dom0**  | **Linux** | **Late**   | **Jail**  | **Xen**     | **Xen 
> Hyperlaunch** |
> + | **(Classic)** | **KVM**   | **HW Dom** | **house** | 
> **dom0less**+---------+-----------+
> + |               |           |            |           |             | Static 
>  | Dynamic   |
> + 
> +===============+===========+============+===========+=============+=========+===========+
> + | Hypervisor able to launch multiple VMs during host boot                   
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |     Y     |       Y     |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Hypervisor supports Static Partitioning                                   
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |     Y     |       Y     |    Y   
>  |           |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Able to launch VMs dynamically after host boot                            
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |       Y       |     Y     |      Y*    |     Y     |       Y*    |        
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Supports strong isolation between all VMs started at host boot            
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |     Y     |       Y     |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Enables flexible sequencing of VM start during host boot                  
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |             |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Prevent all-powerful static root domain being launched at boot            
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |       Y*    |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Operates without a Highly-privileged management VM (eg. Dom0)             
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |      Y*    |           |       Y*    |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Operates without a privileged toolstack VM (Control Domain)               
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |       Y*    |    Y   
>  |           |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Extensible VM configuration applied before launch of VMs at host boot     
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |             |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Flexible granular assignment of permissions and functions to VMs          
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |             |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | Supports extensible VM measurement architecture for DRTM and attestation  
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |             |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + | PCI passthrough configured at host boot                                   
>              |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
> + |               |           |            |           |             |    Y   
>  |     Y     |
> + 
> +---------------+-----------+------------+-----------+-------------+---------+-----------+
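
Review bot: the `Y*` entries in the Late HW Dom and Xen dom0less columns (rows "Able to launch VMs dynamically after host boot", "Prevent all-powerful static root domain being launched at boot", "Operates without a Highly-privileged management VM" and "Operates without a privileged toolstack VM") have no legend in the lines quoted here, so a reader cannot tell what qualification the asterisk carries. A footnote directly under the table defining `Y*` would fix that. The "PCI passthrough configured at host boot" row would also benefit from a sentence naming the mechanism behind the two Hyperlaunch `Y` entries, and "eg." in the management-VM row should read "e.g.".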

I'm curious about this, I assume this is done using vPCI so that
there's no hardware domain (and user-space device model) involved for
PCI passthrough?

I'm also not sure how you are going to handle things like SR-IOV
devices. Right now SR-IOV capability is set up and initialized by the
hardware domain, and the new virtual devices are notified to Xen once
setup is done. Do you plan to move those bits into Xen, so that it can
set up and initialize the SR-IOV capability?

Thanks, Roger.



 

