[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] PCI Passthrough

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Paul Schulze <avlex@xxxxxxx>
  • Date: Sun, 25 May 2008 05:32:27 +0200
  • Delivery-date: Sat, 24 May 2008 20:33:04 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-pgp-agent:x-mailer:sender; b=pItMnwAf7doc5HjWuD9QiCI3s0KV44GmuEEyabm1YBk0qzkmaEQbGIj47mvrIvTx/EfqvaGlLbv2B/U182bqtC2nlzuSA3cVOh8cGrzYx2lZ36Jce9q/MSf97iJLmP14e7OPUTwFRSVDuYdQwwcKPY856Z98Z1/eD0Xwdp030CE=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hash: SHA1

Hi Mark,

Am 25.05.2008 um 02:22 schrieb Mark Williamson:

I have already heard about IOMMU being implemented in Intel CPUs (or
probably the North Bridge, because as I hear that is where the Memory
Controller is located) only, however, as far as I can see AMD isn't
quiet there yet (I hear they postponed it to 2009 again, almost
reminds me of GNU/Hurd). However, that is one of the main problems I
am facing: Intel does not offer a suitable basis for low power
systems with desktop performance.

How low do you need the power consumption to be? Intel's recent chips aren't as scarily "hungrier than everything else" as they were back in the old Pentium 4 days, although I guess the "normal" power consumption has gone up
since then too...

Thats a good question, as low as possible. For the platform I am currently working on that means something around 50W, 70W at the most when "idling" (might sound a little too enthusiastic, but its the general target). I assume that most of the tasks I give it will leave the machine more or less idling (below 10% on the CPU), even virtualized, which only works with a CPU with enough power, so it can clock down if the full speed isn't needed. The low power requirement practically disqualifies anything without onboard graphics, since the system has to deal with at least 2 HDDs and the network and wifi hardware, not to mention the TV tuner card. I had a look at the X3500 IGP on Intels new chipset, but it seems like it still is no alternative to the AMD 780G and I strongly suspect the nForce780a chipset to not support VT-d (besides it being not available for Intel CPUs at the moment). The requirements for extension slots practically dismiss all the available mainboards for mobile Intel CPUs, since those are either MicroATX or ITX too. I would really have prefered an Intel CPU, but the current situation doesnt offer much of a choice.

I'd also note that there are now tiny motherboards based on Intel's Atom CPU for very low power applications, although they won't give you the desktop performance you want. You might want to consider splitting some of the
functionality of this system off onto a minimal box like that so the
powerful, hungry desktop hardware can be powered off completely when not

And there is the problem, I want one box that can handle it all, because first of all, two boxes are more expensive and second of all, if I need the desktops power over night, it will still have to run, ultimately leaving me with two maschines worth of power drawn and noise produced. In my opinion, for this case a single system can meet the requirements perfectly well and scales better for this kind of application.

Intel's Atom CPU is out of the question though, It will probably not be able to handle all the services I would require from the platform at peek times. That includes HDTV decoding and reencoding for possible MythTV clients (3 at the moment), which alone would more or less kill the whole system. Having this part handled by the Desktop system is impractical too, because whomever wants to use the MythTV server over network would have to turn on the Desktop first (and the current server provides resources for people outside my apartment too... and sucks power like crazy doing it because of a defect, which is why its going to be replaced).

I already looked far and wide for a
suitable CPU + Mainboard combination with low power consumption and
onboard 3D graphics that are worth something and I'm sorry to say,
but Intel's are definitively not (compared to the AMD 4x50e CPUs with
AMD780G chipsets at least). So I am basically bound to AMD for this
particular project.

OK. Well if you have a particularly compelling need for AMD then that's fine
but it is going to be a problem for the security of PCI passthrough...

I rather wouldn't, but the alternatives in form of performance combined with low power consumption are less compelling and if it comes down to it, it is supposed to be a multimedia and home server. However, if possible, I would still like to close security holes, especially for the Firewall and Access Point VM (which is probably the most critical part).

I already looked around for clues on a software IOMMU implementation
too, but the only thing I could find was SWIOTLB. As I understand it,
this solution merely allows 32bit devices to use more than 4gb of
RAM, or is there a way to use it as a software IOMMU in the sense of
Intel VT-d too? If not, is there another way to emulate IOMMU or at
least protect the system from a potentially compromised privileged
DomU until AMD CPUs supporting this feature are available?

I'm afraid there's no practical way of doing untrusted PCI passthrough
securely without having an IOMMU in hardware. Without special hardware to enforce memory access controls, a domain with direct access to a PCI card
I'm afraid the "solution" to running untrusted operating systems is to
virtualise the devices too - using virtual network, graphics, etc devices, it's possible to provide more stringent controls on what they can / can't do than if you've given a guest *real* hardware. Unfortunately, this doesn't
seem to be a particularly good fit for most of what you want to do :-(
And am I
correct to assume that a possible feature for AMD CPUs will possibly
not need support from the chipset, because the Memory Controller is
located on the CPU?

That sounds sane but I don't know enough about the AMD platform (and their
corporate plans!) to answer that one reliably.

I know what you mean, I am only guessing here too. And I will probably have to stake a whole system on that guess unless another solution pops up. It will be a real pain to secure the VMs though.

I hope someone can help me out of my confusion,

I hope that clears things up a bit. Sorry if it's not really the ideal answer
for you though.

It does, and don't worry, I wasn't looking for an ideal answer anyways. If that would exist, the whole project wouldn't interest me at all :) . Besides, if there were a simple way, we would have linux distros for sandboxed multimedia systems already. It really wouldn't be fun that way.

Thanks again,


- --
Paul Schulze
Public Key: http://solaris-net.dyndns.org/keys/key_avlex.asc

"Making mistakes is human,
but to really fuck things up you need Computers"


Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/ ~maw48/pmpu/)

Version: GnuPG v1.4.1 (Darwin)


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.