This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


RE: [Xen-devel] Can I expose a pci device to HVM domU?

To: "Mark Williamson" <mark.williamson@xxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] Can I expose a pci device to HVM domU?
From: "Caitlin Bestler" <Caitlin.Bestler@xxxxxxxxxxxx>
Date: Thu, 21 Feb 2008 12:45:07 -0500
Delivery-date: Fri, 22 Feb 2008 07:46:38 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <200802210203.02755.mark.williamson@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <6bc632150802191238v19371a70ha60ee5950c027c06@xxxxxxxxxxxxxx> <78C9135A3D2ECE4B8162EBDCE82CAD77030E2B83@nekter> <200802210203.02755.mark.williamson@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Ach0LfItWSwlDNDkQkCqT0qPAsRiXAAgekMg
Thread-topic: [Xen-devel] Can I expose a pci device to HVM domU?

> -----Original Message-----
> From: M.A. Williamson [mailto:maw48@xxxxxxxxxxxxxxxx] On Behalf Of Mark
> Williamson
> Sent: Wednesday, February 20, 2008 6:03 PM
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Cc: Caitlin Bestler; pradeep singh rautela
> Subject: Re: [Xen-devel] Can I expose a pci device to HVM domU?
> > > Can i assign a PCI device(e.g a NIC) exclusively to a Linux HVM
> > > domainU after hiding it from domain 0?
> > >
> > > I know that only PV guests are the best candidates for this but I
> > > still want to ask, hoping someone might have done some work in
> latest
> > > xen-unstable.
> > >
> > > Is there any known way to do this?
> > >
> > > PS:- NIC Is does not have Intel's VT-d.
> >
> > If the Guest is HVM, how would it know how to give usable
> > DMA addresses to the NIC? (Whether it should be trusted to
> > in the absence of an Address Translation Service is the next
> > question, but first is whether it could even do it at all).
> >
> > A PV Guest, by contrast, would know the distinction between
> > GPAs and SPAs (not that it makes it any more trustworthy).
> Guys from Neocleus (I think) have been working on making PCI
> passthrough to HVM guests happen, without using an IOMMU.
> There is code out there that these guys have released.
> It's a clever bit of lateral thinking that makes this
> possible :-)

Ultimately *some* form of Address Translation Service is required.
Stacking the deck so that a null translation works is still a form
of Address Translation Service. Translating work requests in a
backend driver is also an Address Translation Service.

I see no problem of embracing multiple Address Translation solutions,
as long as the caveats with each are clear and unambiguous. But I
think it would be a mistake for a Hypervisor to take extra steps
to facilitate solutions that do not provide the full  equivalent
of a PCI-SIG defined IOMMU.

In this case, I would not recommend taking extra steps to enable
direct access to a NIC from an HVM Guest. Trusting a guest to refrain
from accessing memory it does not own is a major act of faith that
is rarely justified, but an HVM Guest would not even understand what
it has been entrusted with. That sounds very risky to me.

Xen-devel mailing list