From: Julien Grall <julien.grall@arm.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Cc: "Artem Mygaiev" <Artem_Mygaiev@epam.com>,
"Juergen Gross" <jgross@suse.com>,
"lars.kurth@citrix.com" <lars.kurth@citrix.com>,
"Stefano Stabellini" <sstabellini@kernel.org>,
"Oleksandr Andrushchenko" <oleksandr_andrushchenko@epam.com>,
"Paul Durrant" <paul.durrant@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [Xen-devel] [xen-summit-2019] Virtio Design Session
Date: Thu, 25 Jul 2019 13:16:30 +0100
Message-ID: <464e91ec-2b53-2338-43c7-a018087fc7f6@arm.com>
In-Reply-To: <8d0e9ac7-0b27-8690-a3a6-41900b4028a7@arm.com>
Hi,
Sorry, I forgot to CC xen-devel.
On 25/07/2019 13:15, Julien Grall wrote:
> Hi all,
>
> I don't have the e-mail address of all the attendees. Feel free to CC/forward to
> anyone that should be involved.
>
> First of all, thank you Artem for taking the notes. I tried to summarize them below.
> Please let me know if I missed anything or wrongly summarized.
>
> There was some interest to get virtio running on Xen. The scope was HVM/PVH/ARM
> guests so existing transport (MMIO/PCI) can be re-used.
>
> The topics discussed were:
>
> * Restricting virtio backend for guest memory access
>
> At the moment, virtio backend has full access to the guest memory. Some
> stakeholders using Xen (or other hypervisors) are concerned about the security
> impact. Two solutions have been suggested here:
> - Implement using grant-table (Suggested by Juergen Gross)
> - Use Virtio-IOMMU or a Xen PV IOMMU
> Dave Woodhouse would be interested to see a diagram for PV IOMMU to do
> translation. The backend for PV IOMMU would have to reside in Xen.
>
> A cross-hypervisor solution would be ideal. We need to involve people outside of
> Xen (Genevi? Matti? Gunnar?) and virtio specialists from Linux kernel (Paolo
> Bonzini? Michael Tsirkin?)
>
> * Virtio frontend in Linux by-passing the DMA API
>
> In order to implement a virtual IOMMU, virtio would have to use the DMA API. David
> Woodhouse suggested this was fixed in recent kernels. We need to check if this is the
> case or fix it.
>
> * Backend memory exhaustion (XSA-300)
>
> While this is not virtio specific, this is a blocker for general usability on
> Arm and x86 PVH dom0.
>
> * State of the Art
>
> Xen x86 contains most of the pieces to be able to use basic virtio MMIO/PCI. The
> remaining bits are tools support for the configuration.
>
> Xen Arm requires implementation to forward guest MMIO access to a device model
> (aka IOREQ). Most of the code could be re-used from x86. I have a PoC for this
> which has been shared privately with EPAM so far.
>
>
> * Next Steps/Actions
>
> - Send out Arm IOREQ support
> - Partial PCI emulator for Arm
> - Xen tools support for configuration
> - Start discussion on security side involving people outside Xen.
>
> Cheers,
>
--
Julien Grall