Re: Xen Rust VirtIO demos work breakdown for Project Stratos

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: Stratos Mailing List <stratos-dev@op-lists.linaro.org>,
	Mike Holmes <mike.holmes@linaro.org>,
	Mathieu Poirier <mathieu.poirier@linaro.org>,
	Viresh Kumar <viresh.kumar@linaro.org>,
	Peter Griffin <peter.griffin@linaro.org>,
	xen-devel@lists.xenproject.org, wl@xen.org,
	Artem Mygaiev <Artem_Mygaiev@epam.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Doug Goldstein <cardoe@cardoe.com>,
	Oleksandr Tyshchenko <olekstysh@gmail.com>,
	Rust-VMM Mailing List <rust-vmm@lists.opendev.org>,
	Sergio Lopez <slp@redhat.com>,
	Stefan Hajnoczi <stefanha@gmail.com>,
	David Woodhouse <dwmw2@infradead.org>
Subject: Re: Xen Rust VirtIO demos work breakdown for Project Stratos
Date: Sat, 25 Sep 2021 01:59:23 +0200	[thread overview]
Message-ID: <YU5mW396S04IsCBr@mail-itl> (raw)
In-Reply-To: <87pmsylywy.fsf@linaro.org>

[-- Attachment #1: Type: text/plain, Size: 1955 bytes --]

On Fri, Sep 24, 2021 at 05:02:46PM +0100, Alex Bennée wrote:
> Hi,

Hi,

> 2.1 Stable ABI for foreignmemory mapping to non-dom0 ([STR-57])
> ───────────────────────────────────────────────────────────────
> 
>   Currently the foreign memory mapping support only works for dom0 due
>   to reference counting issues. If we are to support backends running in
>   their own domains this will need to get fixed.
> 
>   Estimate: 8w
> 
> 
> [STR-57] <https://linaro.atlassian.net/browse/STR-57>

I'm pretty sure it was discussed before, but I can't find relevant
(part of) thread right now: does your model assumes the backend (running
outside of dom0) will gain ability to map (or access in other way)
_arbitrary_ memory page of a frontend domain? Or worse: any domain?
That is a significant regression in terms of security model Xen
provides. It would give the backend domain _a lot more_ control over the
system that it normally has with Xen PV drivers - negating significant
part of security benefits of using driver domains.

So, does the above require frontend agreeing (explicitly or implicitly)
for accessing specific pages by the backend? There were several
approaches to that discussed, including using grant tables (as PV
drivers do), vIOMMU(?), or even drastically different model with no
shared memory at all (Argo). Can you clarify which (if any) approach
your attempt of VirtIO on Xen will use?

A more general idea: can we collect info on various VirtIO on Xen
approaches (since there is more than one) in a single place, including:
 - key characteristics, differences
 - who is involved
 - status
 - links to relevant threads, maybe

I'd propose to revive https://wiki.xenproject.org/wiki/Virtio_On_Xen

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

next prev parent reply	other threads:[~2021-09-24 23:59 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-24 16:02 Xen Rust VirtIO demos work breakdown for Project Stratos Alex Bennée
2021-09-24 23:59 ` Marek Marczykowski-Górecki [this message]
2021-09-27  9:50   ` Alex Bennée
2021-09-28  5:55     ` [Stratos-dev] " Christopher Clark
2021-09-28  6:26       ` Stefano Stabellini
2021-09-28 20:18         ` Oleksandr Tyshchenko
2021-10-01 23:58           ` Stefano Stabellini
2021-10-02 17:55             ` Oleksandr Tyshchenko
2021-10-04 21:53               ` Stefano Stabellini
2021-10-06 16:43                 ` Oleksandr
2022-04-14 20:03                   ` Oleksandr Tyshchenko
2022-04-15  9:07                     ` Alex Bennée
2022-04-15 11:06                       ` Oleksandr
2021-09-28  6:30       ` Stefan Hajnoczi
2021-09-27 17:25 ` Oleksandr
2021-09-28 11:37 ` Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YU5mW396S04IsCBr@mail-itl \
    --to=marmarek@invisiblethingslab.com \
    --cc=Artem_Mygaiev@epam.com \
    --cc=alex.bennee@linaro.org \
    --cc=andrew.cooper3@citrix.com \
    --cc=cardoe@cardoe.com \
    --cc=dwmw2@infradead.org \
    --cc=mathieu.poirier@linaro.org \
    --cc=mike.holmes@linaro.org \
    --cc=olekstysh@gmail.com \
    --cc=peter.griffin@linaro.org \
    --cc=rust-vmm@lists.opendev.org \
    --cc=slp@redhat.com \
    --cc=sstabellini@kernel.org \
    --cc=stefanha@gmail.com \
    --cc=stratos-dev@op-lists.linaro.org \
    --cc=viresh.kumar@linaro.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.