From: Jan Kiszka <jan.kiszka@web.de>
To: Paolo Bonzini <pbonzini@redhat.com>, Rusty Russell <rusty@rustcorp.com.au>, Henning Schild <henning.schild@siemens.com>, qemu-devel@nongnu.org, virtualization@lists.linux-foundation.org, kvm@vger.kernel.org
Cc: Jailhouse <jailhouse-dev@googlegroups.com>
Subject: Re: Using virtio for inter-VM communication
Date: Sun, 15 Jun 2014 08:20:37 +0200
Message-ID: <539D3B35.2010706@web.de>
In-Reply-To: <539ABA41.3070701@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 1677 bytes --]

On 2014-06-13 10:45, Paolo Bonzini wrote:
> On 13/06/2014 08:23, Jan Kiszka wrote:
>>>> That would preserve zero-copy capabilities (as long as you can work
>>>> against the shared mem directly, e.g. doing DMA from a physical NIC or
>>>> storage device into it) and keep the hypervisor out of the loop.
>> >
>> > This seems ill thought out. How will you program a NIC via the virtio
>> > protocol without a hypervisor? And how will you make it safe? You'll
>> > need an IOMMU. But if you have an IOMMU you don't need shared memory.
>>
>> Scenarios behind this are things like driver VMs: You pass through the
>> physical hardware to a driver guest that talks to the hardware and
>> relays data via one or more virtual channels to other VMs. This confines
>> a certain set of security and stability risks to the driver VM.
>
> I think implementing Xen hypercalls in jailhouse for grant table and
> event channels would actually make a lot of sense. The Xen
> implementation is 2.5kLOC and I think it should be possible to compact
> it noticeably, especially if you limit yourself to 64-bit guests.

At least the grant table model seems unsuited for Jailhouse. It allows a
guest to influence the mapping of another guest during runtime. This we
want (or even have) to avoid in Jailhouse.

I'm therefore more in favor of a model where the shared memory region is
defined on cell (guest) creation by adding a virtual device that comes
with such a region.

Jan

>
> It should also be almost enough to run Xen PVH guests as jailhouse
> partitions.
>
> If later Xen starts to support virtio, you will get that for free.
>
> Paolo

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 263 bytes --]
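
Added example, not part of the original message and not Jailhouse code: a sketch of the static model argued for above, where shared memory is fixed when a cell is created and validated once, so there is no runtime interface through which one guest could change another guest's mappings. The structures, the MEM_SHARED flag, the function names and the sample addresses are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model for illustration; not Jailhouse's config structures. */
#define MEM_SHARED 0x1u            /* range may also be mapped by another cell */

struct region { uint64_t phys, size; uint32_t flags; };
struct cell   { const struct region *regs; size_t n; };

static bool overlaps(const struct region *a, const struct region *b)
{
    return a->phys < b->phys + b->size && b->phys < a->phys + a->size;
}

/* Create-time check: the new cell may touch memory of an existing cell only
 * where both configs declare the identical range as shared. */
bool cell_config_ok(const struct cell *existing, size_t n_cells,
                    const struct cell *nc)
{
    for (size_t i = 0; i < nc->n; i++) {
        const struct region *r = &nc->regs[i];
        if (r->size == 0 || r->phys + r->size < r->phys)
            return false;                   /* empty or wrapping range */
        for (size_t c = 0; c < n_cells; c++)
            for (size_t j = 0; j < existing[c].n; j++) {
                const struct region *o = &existing[c].regs[j];
                if (overlaps(r, o) && (r->phys != o->phys ||
                    r->size != o->size || !(r->flags & o->flags & MEM_SHARED)))
                    return false;           /* overlap not agreed by both */
            }
    }
    return true;
}

/* Constructed sample configs: a driver cell, a consumer, a bad config. */
static const struct region drv_regs[]  = { {0x80000000, 0x4000000, 0},
                                           {0x84000000, 0x100000, MEM_SHARED} };
static const struct region cons_regs[] = { {0x90000000, 0x4000000, 0},
                                           {0x84000000, 0x100000, MEM_SHARED} };
static const struct region bad_regs[]  = { {0x83f00000, 0x200000, MEM_SHARED} };
const struct cell driver   = { drv_regs,  2 };
const struct cell consumer = { cons_regs, 2 };
const struct cell bad      = { bad_regs,  1 };

int main(void)
{
    printf("consumer ok: %d\n", cell_config_ok(&driver, 1, &consumer));
    printf("bad ok: %d\n", cell_config_ok(&driver, 1, &bad));
    return 0;
}
```

The bad config is rejected because its range straddles the driver cell's private memory; a grant-table design would instead have to police such requests on every runtime map operation.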