This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] philosophically about IGD pass-through (was: feature suggest

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: [Xen-devel] philosophically about IGD pass-through (was: feature suggestion: DMAR table emulation for Xen)
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 14 May 2010 13:47:32 +0200
Cc: "Han, Weidong" <weidong.han@xxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, "Kay, Allen M" <allen.m.kay@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <C812F2C1.144E3%keir.fraser@xxxxxxxxxxxxx>
References: <C812F2C1.144E3%keir.fraser@xxxxxxxxxxxxx>
On 05/14/2010 01:29 PM, Keir Fraser wrote:
> On 14/05/2010 11:58, "Joanna Rutkowska" <joanna@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>> Well, we don't do graphics passthrough in Qubes, mostly for two reasons:
>> 1) We believe users prefer seamless integration of all apps onto one
>> desktop (and that requires only one domain, e.g. Dom0, to have access to
>> the graphics card),
>> 2) Giving a potentially untrusted domain full access to the graphics
>> device creates a potential security risk. In fact, you cannot make such
>> an architecture secure without using TXT (yes, TXT in addition to VT-d).
>> Do you do IGD passthrough in Xen Client?
> Yes, particularly necessary to get decent 3D performance (e.g., Windows
> Aero). There are tricks to get security and performance (doing a mix of
> emulation and passthrough).

It's good to distinguish 3D acceleration for the *Window Manager* vs. 3D
acceleration for the *apps*. In Qubes we keep the Window Manager in
Dom0, so, as long as the graphics driver is not broken, the Window
Manager gets all the fancy 3D effects, just like on the native.

The only(?) advantage you gain by using graphics passthrough is for the
apps. But is it really worth it? How many 3D-capable apps do business users
use today? Google Earth? Anything else? So, in order to support Google
Earth, is it really worth introducing potential VM escape attacks?

