All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alexander Graf <agraf@suse.de>
To: "Pasi Kärkkäinen" <pasik@iki.fi>
Cc: "Ryan C. Underwood" <nemesis@icequake.net>,
	Avi Kivity <avi@redhat.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	kvm@vger.kernel.org
Subject: Re: PCI passthrough resource remapping
Date: Fri, 15 Jan 2010 14:15:34 +0100	[thread overview]
Message-ID: <F8ECB178-D0BA-4FA1-AFFA-806AC32BE55C@suse.de> (raw)
In-Reply-To: <20100115131122.GP17978@reaktio.net>


On 15.01.2010, at 14:11, Pasi Kärkkäinen wrote:

> On Thu, Jan 14, 2010 at 12:31:32PM -0600, Ryan C. Underwood wrote:
>> 
>> 
>> On Thu, Jan 14, 2010 at 05:54:51PM +0200, Avi Kivity wrote:
>>> On 01/14/2010 05:47 PM, Michael S. Tsirkin wrote:
>>>> 
>>>>> Michael, I think 'DisINTx-' means the device is not PCI 2.3 compliant?
>>>> No it doesn't, just that interrupt disable bit is not set.
>>> 
>>> Thanks.  Ryan, while kvm doesn't support assigning a device with
>>> shared interrupts now, in the future it will likely be possible to
>>> share it.  You'll still need an iommu.
>> 
>> No IOMMU on this machine and this is all integrated hardware.
>> 
>> This IOMMU requirement seems so strange.  I used to pass through PCI
>> devices ages ago when using the DOSEMU emulator.  It emulated PCI BIOS
>> functions and mapped the PCI config space and memory regions into the
>> emulator process.  The device interrupt was grabbed and handled in the
>> emulator's kernel support, waking up the emulator when an interrupt came
>> in.
>> 
>> I don't really know anything about kvm internals, but I'd like to
>> understand more about the particulars of the IOMMU requirement if you
>> don't mind.
>> 
> 
> Xen supports PCI passthrough to PV guests without IOMMU. This can create
> security problems, since the guests get DMA access to physical hardware,
> but that's usually OK in the situations where you want to use PCI
> passthrough on your desktop or on your development box.

That's why there way PV support for DMA in KVM too, but it turned out to be rather unmaintained and hard to detect if it actually works. Because if the guest then just didn't use the PV parts to remap its DMA regions, your PCI card ended up writing into random host memory regions. WIthout you knowing.

Xen doesn't have that problem as badly as we do, because it can guarantee that a PV guest is PV aware. On KVM PV is an optional add-in. All guests start off being fully virtualized.

So we voted for dropping PV DMA support in KVM and just went with the IOMMU only approach. In the long run that's a pretty straight-forward hardware requirement. And if you're using KVM you're used to hardware requirements already anyways ;-).

Alex

  reply	other threads:[~2010-01-15 13:15 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-09  2:45 PCI passthrough resource remapping Ryan C. Underwood
2010-01-09  3:22 ` Alexander Graf
2010-01-10 21:53   ` Ryan C. Underwood
2010-01-10 22:15   ` Ryan C. Underwood
2010-01-14 13:59     ` Avi Kivity
2010-01-14 15:26       ` Ryan C. Underwood
2010-01-14 15:34         ` Avi Kivity
2010-01-14 15:47           ` Michael S. Tsirkin
2010-01-14 15:54             ` Avi Kivity
2010-01-14 18:31               ` Ryan C. Underwood
2010-01-14 19:09                 ` Avi Kivity
2010-01-14 19:34                   ` Ryan C. Underwood
2010-01-16  9:23                     ` Avi Kivity
2010-01-15 13:11                 ` Pasi Kärkkäinen
2010-01-15 13:15                   ` Alexander Graf [this message]
2010-03-26  2:37   ` Kenni Lund
2010-03-26  3:00     ` Brian Jackson
2010-03-29 17:23       ` Kenni Lund
2010-03-29 19:17         ` Alexander Graf
2010-03-29 23:00           ` Kenni Lund
2010-03-29 23:12             ` Alexander Graf
2010-03-29 23:47               ` Chris Wright
2010-03-30  0:21                 ` Kenni Lund
2010-03-30  2:08                   ` Chris Wright
2010-03-30 22:27                     ` Kenni Lund
2010-03-30 22:29                       ` Alexander Graf
2010-03-30 23:52                         ` Kenni Lund
2010-03-31  0:59                           ` Chris Wright
2010-03-30 23:58                       ` Chris Wright
2010-03-31  0:47                         ` Kenni Lund
2010-03-31  1:32                           ` Chris Wright
2010-03-31 10:07                             ` Kenni Lund
2010-03-31 15:15                               ` Chris Wright
2010-03-31 11:43                           ` Kenni Lund
2010-03-31 12:24                             ` Alexander Graf
2010-03-31 13:04                               ` Kenni Lund
2010-03-31 15:18                               ` Chris Wright
2010-03-31 15:23                                 ` Alexander Graf
2010-04-07  5:52                                 ` Avi Kivity

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=F8ECB178-D0BA-4FA1-AFFA-806AC32BE55C@suse.de \
    --to=agraf@suse.de \
    --cc=avi@redhat.com \
    --cc=kvm@vger.kernel.org \
    --cc=mst@redhat.com \
    --cc=nemesis@icequake.net \
    --cc=pasik@iki.fi \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.