xen-devel.lists.xenproject.org archive mirror
From: Julien Grall <julien.grall@arm.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Cc: "Artem Mygaiev" <Artem_Mygaiev@epam.com>,
	"Juergen Gross" <jgross@suse.com>,
	"lars.kurth@citrix.com" <lars.kurth@citrix.com>,
	"Stefano Stabellini" <sstabellini@kernel.org>,
	"Oleksandr Andrushchenko" <oleksandr_andrushchenko@epam.com>,
	"Paul Durrant" <paul.durrant@citrix.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [Xen-devel] [xen-summit-2019] Virtio Design Session
Date: Thu, 25 Jul 2019 13:16:30 +0100
Message-ID: <464e91ec-2b53-2338-43c7-a018087fc7f6@arm.com>
In-Reply-To: <8d0e9ac7-0b27-8690-a3a6-41900b4028a7@arm.com>

Hi,

Sorry, I forgot to CC xen-devel.

On 25/07/2019 13:15, Julien Grall wrote:
> Hi all,
> 
> I don't have the e-mail address of all the attendees. Feel free to CC/forward to 
> anyone that should be involved.
> 
> First of all, thank you Artem for taking the notes. I tried to summarize them below. 
> Please let me know if I missed anything or wrongly summarized.
> 
> There was some interest to get virtio running on Xen. The scope was HVM/PVH/ARM 
> guests so existing transport (MMIO/PCI) can be re-used.
> 
> The topics discussed were:
> 
>     * Restricting virtio backend for guest memory access
> 
> At the moment, virtio backend has full access to the guest memory. Some 
> stakeholders using Xen (or other hypervisors) are concerned about the security 
> impact. Two solutions have been suggested here:
>        - Implement using grant-table (Suggested by Juergen Gross)
>        - Use Virtio-IOMMU or a Xen PV IOMMU
> Dave Woodhouse would be interested to see a diagram for PV IOMMU to do 
> translation. The backend for PV IOMMU would have to reside in Xen.
> 
> A cross-hypervisor solution would be ideal. We need to involve people outside of 
> Xen (Genevi? Matti? Gunnar?) and virtio specialists from Linux kernel (Paolo 
> Bonzini? Michael Tsirkin?)
> 
>    * Virtio frontend in Linux by-passing the DMA API
> 
> In order to implement a virtual IOMMU, virtio would have to use the DMA API. David 
> Woodhouse suggested this was fixed in recent kernels. We need to check if this is the 
> case or fix it.
> 
>    * Backend memory exhaustion (XSA-300)
> 
> While this is not virtio specific, this is a blocker for general usability on 
> Arm and x86 PVH dom0.
> 
>    * State of Art
> 
> Xen x86 contains most of the pieces to be able to use basic virtio MMIO/PCI. The 
> remaining bits are tools support for the configuration.
> 
> Xen Arm requires implementation to forward guest MMIO access to a device model 
> (aka IOREQ). Most of the code could be re-used from x86. I have a PoC for this 
> which has been shared privately with EPAM so far.
> 
> 
>    * Next Steps/Actions
> 
>      - Send out Arm IOREQ support
>      - Partial PCI emulator for Arm
>      - Xen tools support for configuration
>      - Start discussion on security side involving people outside Xen.
> 
> Cheers,
> 

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
