* [Xen-devel] [xen-summit-2019] Virtio Design Session
[not found] <8d0e9ac7-0b27-8690-a3a6-41900b4028a7@arm.com>
@ 2019-07-25 12:16 ` Julien Grall
From: Julien Grall @ 2019-07-25 12:16 UTC
To: xen-devel
Cc: Artem Mygaiev, Juergen Gross, lars.kurth, Stefano Stabellini,
Oleksandr Andrushchenko, Paul Durrant, Roger Pau Monné
Hi,
Sorry, I forgot to CC xen-devel.
On 25/07/2019 13:15, Julien Grall wrote:
> Hi all,
>
> I don't have the e-mail address of all the attendees. Feel free to CC/forward to
> anyone that should be involved.
>
> First of all, thank you Artem for taking the notes. I tried to summarize them below.
> Please let me know if I missed anything or wrongly summarized.
>
> There was some interest to get virtio running on Xen. The scope was HVM/PVH/ARM
> guests so existing transport (MMIO/PCI) can be re-used.
>
> The topics discussed were:
>
> * Restricting virtio backend for guest memory access
>
> At the moment, the virtio backend has full access to the guest memory. Some
> stakeholders using Xen (or other hypervisors) are concerned about the security
> impact. Two solutions have been suggested here:
> - Implement using grant-table (Suggested by Juergen Gross)
> - Use Virtio-IOMMU or a Xen PV IOMMU
> Dave Woodhouse would be interested to see a diagram for PV IOMMU to do
> translation. The backend for PV IOMMU would have to reside in Xen.
>
> A cross-hypervisor solution would be ideal. We need to involve people outside of
> Xen (Genevi? Matti? Gunnar?) and virtio specialists from Linux kernel (Paolo
> Bonzini? Michael Tsirkin?)
>
> * Virtio frontend in Linux by-passing the DMA API
>
> In order to implement a virtual IOMMU, virtio would have to use the DMA API. David
> Woodhouse suggested this was fixed in a recent kernel. We need to check if this is the
> case or fix it.
>
> * Backend memory exhaustion (XSA-300)
>
> While this is not virtio specific, this is a blocker for general usability on
> Arm and x86 PVH dom0.
>
> * State of the Art
>
> Xen x86 contains most of the pieces to be able to use basic virtio MMIO/PCI. The
> remaining bits are tools support for the configuration.
>
> Xen Arm requires implementation to forward guest MMIO access to a device model
> (aka IOREQ). Most of the code could be re-used from x86. I have a PoC for this
> which has been shared privately with EPAM so far.
>
>
> * Next Steps/Actions
>
> - Send out Arm IOREQ support
> - Partial PCI emulator for Arm
> - Xen tools support for configuration
> - Start discussion on security side involving people outside Xen.
>
> Cheers,
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel