From: Paolo Bonzini
Subject: Re: Using virtio for inter-VM communication
Date: Fri, 13 Jun 2014 10:45:53 +0200
Message-ID: <539ABA41.3070701@redhat.com>
References: <20140610184818.2e490419@nbschild1> <87r42uq2v8.fsf@rustcorp.com.au> <53993B7B.7010404@siemens.com> <87fvj9prdi.fsf@rustcorp.com.au> <539A98D3.3070601@siemens.com>
In-Reply-To: <539A98D3.3070601@siemens.com>
To: Jan Kiszka, Rusty Russell, Henning Schild, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, kvm@vger.kernel.org
List-Id: virtualization@lists.linuxfoundation.org

On 13/06/2014 08:23, Jan Kiszka wrote:
>>> That would preserve zero-copy capabilities (as long as you can work
>>> against the shared mem directly, e.g. doing DMA from a physical NIC or
>>> storage device into it) and keep the hypervisor out of the loop.
> >
> > This seems ill thought out. How will you program a NIC via the virtio
> > protocol without a hypervisor? And how will you make it safe? You'll
> > need an IOMMU. But if you have an IOMMU you don't need shared memory.
>
> Scenarios behind this are things like driver VMs: You pass through the
> physical hardware to a driver guest that talks to the hardware and
> relays data via one or more virtual channels to other VMs. This confines
> a certain set of security and stability risks to the driver VM.

I think implementing Xen hypercalls in jailhouse for grant table and
event channels would actually make a lot of sense. The Xen implementation
is 2.5kLOC and I think it should be possible to compact it noticeably,
especially if you limit yourself to 64-bit guests.

It should also be almost enough to run Xen PVH guests as jailhouse
partitions. If later Xen starts to support virtio, you will get that
for free.

Paolo
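The grant-table and event-channel model the thread refers to, as an added illustration (not Xen's, jailhouse's, or any list participant's code): a toy Python hypervisor in which a domain publishes one frame to one named peer domain, the hypervisor refuses mappings by any other domain and writes through read-only grants, and the event channel carries only a doorbell, never data. This is the property that lets a driver VM relay packets into a consumer's buffer without the consumer exposing anything else. Domain ids, frame numbers, the 64-byte buffer and the packet bytes are constructed; class and function names are this example's own, loosely mirroring Xen's grant_access / map_grant_ref / end_access sequence.

```python
"""Simplified model of Xen-style grant tables and event channels (added example)."""
from dataclasses import dataclass, field
from enum import Flag, auto


class GrantFlags(Flag):
    READ = auto()
    WRITE = auto()


class GrantError(PermissionError):
    """Raised when a domain tries to map memory it was not granted."""


@dataclass
class GrantEntry:
    frame: int            # frame number inside the granting domain
    grantee: int          # the only domid allowed to map this grant
    flags: GrantFlags
    mapped: bool = False


@dataclass
class Domain:
    domid: int
    frames: dict                                     # frame number -> bytearray (constructed "memory")
    grant_table: list = field(default_factory=list)
    pending_events: set = field(default_factory=set)

    def grant_access(self, frame, grantee, flags):
        """Publish one frame to one specific domain; returns the grant reference."""
        if frame not in self.frames:
            raise ValueError(f"domain {self.domid} does not own frame {frame}")
        self.grant_table.append(GrantEntry(frame, grantee, flags))
        return len(self.grant_table) - 1

    def end_access(self, gref):
        """Revoke a grant; refused while the grantee still has it mapped."""
        entry = self.grant_table[gref]
        if entry is not None and entry.mapped:
            raise GrantError(f"gref {gref} is still mapped by domain {entry.grantee}")
        self.grant_table[gref] = None


class Hypervisor:
    """The privileged component: it checks grants and delivers events."""

    def __init__(self):
        self.domains = {}

    def add_domain(self, dom):
        self.domains[dom.domid] = dom

    def _lookup(self, granter_id, gref):
        table = self.domains[granter_id].grant_table
        return table[gref] if 0 <= gref < len(table) else None

    def map_grant(self, requester_id, granter_id, gref, write):
        """Roughly the map-grant-ref hypercall: a view of the frame only if the grant names the requester."""
        entry = self._lookup(granter_id, gref)
        if entry is None or entry.grantee != requester_id:
            raise GrantError(f"domain {requester_id} has no grant {gref} from domain {granter_id}")
        if write and GrantFlags.WRITE not in entry.flags:
            raise GrantError(f"gref {gref} is read-only")
        entry.mapped = True
        view = memoryview(self.domains[granter_id].frames[entry.frame])
        return view if write else view.toreadonly()

    def unmap_grant(self, granter_id, gref):
        entry = self._lookup(granter_id, gref)
        if entry is not None:
            entry.mapped = False

    def send_event(self, src_id, dst_id, port):
        """Event-channel notify: a doorbell only, no payload crosses here."""
        self.domains[dst_id].pending_events.add((src_id, port))


def driver_vm_relay(packet: bytes) -> bytes:
    """Driver domain 1 delivers a packet into consumer domain 2's granted receive buffer."""
    hv = Hypervisor()
    driver, consumer = Domain(1, {}), Domain(2, {7: bytearray(64)})   # constructed frame 7
    hv.add_domain(driver)
    hv.add_domain(consumer)
    gref = consumer.grant_access(7, grantee=1, flags=GrantFlags.READ | GrantFlags.WRITE)

    buf = hv.map_grant(1, 2, gref, write=True)     # driver maps, fills, rings the doorbell
    buf[:len(packet)] = packet
    hv.send_event(1, 2, port=0)
    hv.unmap_grant(2, gref)
    consumer.end_access(gref)                      # allowed now that the driver unmapped

    if (1, 0) not in consumer.pending_events:
        raise RuntimeError("doorbell not delivered")
    return bytes(consumer.frames[7][:len(packet)])


def misuse_is_refused() -> list:
    """Two checks the hypervisor enforces: wrong grantee, and write through a read-only grant."""
    hv = Hypervisor()
    owner = Domain(2, {7: bytearray(b"secret")})
    hv.add_domain(owner)
    gref = owner.grant_access(7, grantee=1, flags=GrantFlags.READ)
    outcomes = []
    try:
        hv.map_grant(3, 2, gref, write=False)      # domain 3 is not named in the grant
    except GrantError:
        outcomes.append("wrong-grantee refused")
    try:
        hv.map_grant(1, 2, gref, write=True)       # grant is READ only
    except GrantError:
        outcomes.append("write-on-readonly refused")
    return outcomes
```

The point the model makes is that the consumer never exposes more than the frames it explicitly granted, and only to the domain it named; the driver VM can corrupt its own state and the buffers it was handed, but nothing else, which is the containment Jan describes. An IOMMU is still needed underneath for the physical NIC the driver VM owns; the grant table only governs the VM-to-VM side.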