[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] PV DomU kernel 2.4(.34) for IPCop
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Mark, I am currently in the process of setting up a firewall/access point DomU and I would like to know if there is any way to run a linux kernel 2.4(.34) based system as a DomU. The primary reason for this is that I want to run IPCop on such a kernel, but also that I consider kernel 2.4 based systems to be more suitable for some applications, especially for use as a firewall.I've seen some patches for 2.4 PV-on-HVM drivers support - and I *think* I've seen patches for 2.4 domU support floating around. However, you need more than this because you're looking at PCI passthrough. Doing PCI passthrough to a domU requires more than just Xen domU support in that kernel, since it also needs to talk to real hardware. I'm not aware of patches allowing thisunder Linux 2.4, although Linux 2.6 is well supported in this regard.PCI passthrough to an HVM domain wouldn't have this limitation but would, asyou observe, require VT-d support currently :-( If you could point me to the patches you mentioned, I would be grateful, since I myself couldn't turn up anything of the sort in the last few days. I am aware of the fact, that I would need patches that add most of the Xen support in kernel 2.6 to kernel 2.4, including the PCI frontend module. I will worry about that as soon as I have at least something to work with. I'm not worried about my NICs though, they should be well supported by kernel version 2.4.34 to 36 and those are the versions I am currently aiming for. P.S.: I know, this setup sounds kind of paranoid, isolating Dom0 that much and I might hit a wall somewhere because certain things are not possible yet (thats actually one of the points of this experiment, to see what Xen can do). I also realize it is pointless unless I use a system with IOMMU in a PCI passthrough setup (ultimately enabling PCI Passthrough to HVM), but for me it is more like a proof of concept, than a security concern for the machine in question and I prefer to run Linux on Xen paravirtualized anyway. If anyone has some thoughts on this, he or she would like to share, I am always thankful for advise or another point of view.Are you aware that there have been patches posted (and possibly merged now, I think, although not in a release) that support IOMMU protection for PCI passthrough to PV domUs? This would be useful for the kind of setup youpropose, should you wish to avoid the overheads of HVM. I was not aware of that, but what I meant is, if I had hardware IOMMU support, I would not have to worry about running kernel 2.4. The overhead of running the system in a HVM isn't all that important at the moment, considering Xen seems to have problems with AMD's Cool&Quiet on my system anyways (so I do have quiet a bit of CPU time to spare). Thanks, Paul. - -- Paul Schulze avlex@xxxxxxx Public Key: http://solaris-net.dyndns.org/keys/key_avlex.asc "Making mistakes is human, but to really fuck things up you need Computers" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFIXoN6YDWOGtiChoARAvCqAJ9v9GG5VITt8yKUJO7DFF4RB8WQlwCfR0sB /QKdG0UHT9UKuAxVXrAKZ5M= =JmAb -----END PGP SIGNATURE----- _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |