From: Malcolm Crossley <malcolm.crossley@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [RFC] Dom0 PV IOMMU control design (draft A)
Date: Mon, 14 Apr 2014 17:38:57 +0100 [thread overview]
Message-ID: <534C0F21.4090800@citrix.com> (raw)
In-Reply-To: <534C1F84020000780000896C@nat28.tlf.novell.com>
On 14/04/14 16:48, Jan Beulich wrote:
>>>> On 14.04.14 at 17:03, <malcolm.crossley@citrix.com> wrote:
>> On 14/04/14 13:51, Konrad Rzeszutek Wilk wrote:
>>> On Mon, Apr 14, 2014 at 01:12:07PM +0100, Malcolm Crossley wrote:
>>>> On 11/04/14 18:50, Konrad Rzeszutek Wilk wrote:
>>>>> On Fri, Apr 11, 2014 at 06:28:43PM +0100, Malcolm Crossley wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Here is a design for allowing Dom0 PV guests to control the IOMMU.
>>> With the device driver domains I think you should also rename the
>>> 'dom0' to device driver or 'hardware domain' - as this functionality
>>> should be possible within an PV guest with PCI passthrough for example.
>> Currently Xen only allows Dom0 IOMMU access to all (expect Xen) MFN's.
>
> Except in dom0-strict mode, which your proposal doesn't even
> support. Yet mid/long term that mode should imo be what Dom0
> should be run in by default.
>
dom0-strict mode could be supported by validating the mfn's passed in
via the map operation to belong to the DomU making the hypercall.
Also, if we modify the grant map hypercalls to allow dev_bus_addr of
struct gnttab_map_grant_ref to be used as an input and output parameter
then we can specify the required BFN mapping for grant map pages. If we
also delay IOTLB flushes as part of batched grant map operations then
performance should also be OK.
I believe the two changes above would should be enough to support
'driver domains'. Would you agree?
>> To not change the current security implications of the feature I would
>> prefer that 'hardware domain' support was added as a separate design.
>
> I think you mean "driver domain" here; "hardware domain" is the
> generalized term for Dom0 (and with most of the respective changes
> for the latter already in the staging tree I think you ought to no
> longer use the term "Dom0" here).
You are right, I did mean 'driver domain' for the security implications.
I will replace references to domain 0 with hardware domain in the next
draft.
>
> Jan
>
next prev parent reply other threads:[~2014-04-14 16:39 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-11 17:28 [RFC] Dom0 PV IOMMU control design (draft A) Malcolm Crossley
2014-04-11 17:50 ` Konrad Rzeszutek Wilk
2014-04-14 12:12 ` Malcolm Crossley
2014-04-14 12:51 ` Konrad Rzeszutek Wilk
2014-04-14 15:03 ` Malcolm Crossley
2014-04-14 15:09 ` Konrad Rzeszutek Wilk
2014-04-14 15:48 ` Jan Beulich
2014-04-14 16:38 ` Malcolm Crossley [this message]
2014-04-15 6:50 ` Jan Beulich
2014-04-14 11:52 ` David Vrabel
2014-04-14 13:47 ` Jan Beulich
2014-04-14 15:48 ` Malcolm Crossley
2014-04-14 16:00 ` Jan Beulich
2014-04-14 16:55 ` Malcolm Crossley
2014-04-15 6:56 ` Jan Beulich
2014-05-01 11:56 ` Tim Deegan
2014-04-16 14:13 ` Zhang, Xiantao
2014-04-16 15:35 ` Malcolm Crossley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=534C0F21.4090800@citrix.com \
--to=malcolm.crossley@citrix.com \
--cc=JBeulich@suse.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).