Re: [PATCH 14/16] SUPPORT.md: Add statement on PCI passthrough

From: Rich Persaud <persaur@gmail.com>
To: George Dunlap <george.dunlap@citrix.com>
Cc: "James McKenzie" <james.mckenzie@bromium.com>,
	"Stefano Stabellini" <sstabellini@kernel.org>,
	"Wei Liu" <wei.liu2@citrix.com>,
	"Konrad Wilk" <konrad.wilk@oracle.com>,
	"Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Julien Grall" <julien.grall@linaro.org>,
	"Tim Deegan" <tim@xen.org>,
	"Christopher Clark" <christopher.w.clark@gmail.com>,
	"Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>,
	"Jan Beulich" <jbeulich@suse.com>,
	"Ian Jackson" <ian.jackson@citrix.com>,
	xen-devel@lists.xenproject.org
Subject: Re: [PATCH 14/16] SUPPORT.md: Add statement on PCI passthrough
Date: Wed, 22 Nov 2017 14:05:42 -0500	[thread overview]
Message-ID: <C42CBDEF-A83F-46C0-B11C-4CBE8B1C6346@gmail.com> (raw)
In-Reply-To: <b5ca6321-281e-7724-7e00-a481fb6c4a41@citrix.com>

On Nov 22, 2017, at 13:58, George Dunlap <george.dunlap@citrix.com> wrote:
> 
>> On 11/16/2017 03:43 PM, Julien Grall wrote:
>> Hi George,
>> 
>>> On 13/11/17 15:41, George Dunlap wrote:
>>> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
>>> ---
>>> CC: Ian Jackson <ian.jackson@citrix.com>
>>> CC: Wei Liu <wei.liu2@citrix.com>
>>> CC: Andrew Cooper <andrew.cooper3@citrix.com>
>>> CC: Jan Beulich <jbeulich@suse.com>
>>> CC: Stefano Stabellini <sstabellini@kernel.org>
>>> CC: Konrad Wilk <konrad.wilk@oracle.com>
>>> CC: Tim Deegan <tim@xen.org>
>>> CC: Rich Persaud <persaur@gmail.com>
>>> CC: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
>>> CC: Christopher Clark <christopher.w.clark@gmail.com>
>>> CC: James McKenzie <james.mckenzie@bromium.com>
>>> ---
>>>   SUPPORT.md | 33 ++++++++++++++++++++++++++++++++-
>>>   1 file changed, 32 insertions(+), 1 deletion(-)
>>> 
>>> diff --git a/SUPPORT.md b/SUPPORT.md
>>> index 3e352198ce..a8388f3dc5 100644
>>> --- a/SUPPORT.md
>>> +++ b/SUPPORT.md
>>> @@ -454,9 +454,23 @@ there is currently no xl support.
>>>     ## Security
>>>   +### Driver Domains
>>> +
>>> +    Status: Supported, with caveats
>>> +
>>> +"Driver domains" means allowing non-Domain 0 domains
>>> +with access to physical devices to act as back-ends.
>>> +
>>> +See the appropriate "Device Passthrough" section
>>> +for more information about security support.
>>> +
>>>   ### Device Model Stub Domains
>>>   -    Status: Supported
>>> +    Status: Supported, with caveats
>>> +
>>> +Vulnerabilities of a device model stub domain
>>> +to a hostile driver domain (either compromised or untrusted)
>>> +are excluded from security support.
>>>     ### KCONFIG Expert
>>>   @@ -522,6 +536,23 @@ Virtual Performance Management Unit for HVM guests
>>>   Disabled by default (enable with hypervisor command line option).
>>>   This feature is not security supported: see
>>> http://xenbits.xen.org/xsa/advisory-163.html
>>>   +### x86/PCI Device Passthrough
>>> +
>>> +    Status: Supported, with caveats
>>> +
>>> +Only systems using IOMMUs will be supported.
>>> +
>>> +Not compatible with migration, altp2m, introspection, memory sharing,
>>> or memory paging.
>>> +
>>> +Because of hardware limitations
>>> +(affecting any operating system or hypervisor),
>>> +it is generally not safe to use this feature
>>> +to expose a physical device to completely untrusted guests.
>>> +However, this feature can still confer significant security benefit
>>> +when used to remove drivers and backends from domain 0
>>> +(i.e., Driver Domains).
>>> +See docs/PCI-IOMMU-bugs.txt for more information.
>> 
>> Where can I find this file? Is it in staging?
> 
> No, I took this from a recommendation made to me, without checking.
> 
> Rich, are you going to send a patch adding this file, or did you mean to
> point to a different file?

Yes, I’ll send a patch to add this file.

Rich
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel