This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Can I expose a pci device to HVM domU?

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Can I expose a pci device to HVM domU?
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Thu, 21 Feb 2008 02:03:02 +0000
Cc: Caitlin Bestler <Caitlin.Bestler@xxxxxxxxxxxx>
Delivery-date: Wed, 20 Feb 2008 18:03:37 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <78C9135A3D2ECE4B8162EBDCE82CAD77030E2B83@nekter>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <6bc632150802191238v19371a70ha60ee5950c027c06@xxxxxxxxxxxxxx> <78C9135A3D2ECE4B8162EBDCE82CAD77030E2B83@nekter>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)
> > Can i assign a PCI device(e.g a NIC) exclusively to a Linux HVM
> > domainU after hiding it from domain 0?
> >
> > I know that only PV guests are the best candidates for this but I
> > still want to ask, hoping someone might have done some work in latest
> > xen-unstable.
> >
> > Is there any known way to do this?
> >
> > PS:- NIC Is does not have Intel's VT-d.
> If the Guest is HVM, how would it know how to give usable
> DMA addresses to the NIC? (Whether it should be trusted to
> in the absence of an Address Translation Service is the next
> question, but first is whether it could even do it at all).
> A PV Guest, by contrast, would know the distinction between
> GPAs and SPAs (not that it makes it any more trustworthy).

Guys from Neocleus (I think) have been working on making PCI passthrough to 
HVM guests happen, without using an IOMMU.  There is code out there that 
these guys have released.  It's a clever bit of lateral thinking that makes 
this possible :-)

However, doing this without an IOMMU still doesn't address the security 
concerns and I'm not sure if it scales to many (or even if they support more 
than one) HVM guests controlling PCI devices.


Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)

Xen-devel mailing list