|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] PCI Passthrough without VT-d
On Fri, Feb 26, 2010 at 11:29:22PM +0100, Jan ?eÅ?ut wrote: > As I read XEN supports assigning a pci device to an unprivileged domain > without hardware supporting it. Has anyone already tried it? Are there any > security risks? If I understand correctly how PCI passthrough works the > performance should be the same as using the pci device in native mode. Is > it so? I have a PCI video card which would like to use inside a VM running > Windows XP. > Xen supports PCI passthrough to _PV_ (paravirtual) guests without VT-d, and has actually supported that for years. There are some potential security risks in this, since the PV guest gets full DMA control of the PCI device and could use it for malicious purposes. Xen PCI passthrough to HVM guests (=Windows) requires VT-d hardware support. Also, PCI passthrough of a VGA/video card is not as simple as PCI passthrough of other cards (nic, disk controller, usb controller). VGA has lots of legacy stuff related to it, some memory ranges, IO ports, VGA BIOS, etc that have to be 'passed through' aswell, and emulated. Xen 4.0.0 will have PCI passthrough support of primary VGA adapters, but it requires VT-d support as stated already earlier. -- Pasi ps. There is actually a hack/patch available that allows PCI passthrough to HVM guest without VT-d, but that only works for the _first_ started HVM guest, and it's experimental and not supported in any way. iirc the patch is available in xen-devel archives. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |