WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] PV DomU kernel 2.4(.34) for IPCop

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] PV DomU kernel 2.4(.34) for IPCop
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Sun, 22 Jun 2008 16:29:56 +0100
Cc: Paul Schulze <avlex@xxxxxxx>
User-agent: KMail/1.9.9

> I am currently in the process of setting up a firewall/access point
> DomU and I would like to know if there is any way to run a linux
> kernel 2.4(.34) based system as a DomU. The primary reason for this
> is that I want to run IPCop on such a kernel, but also that I
> consider kernel 2.4 based systems to be more suitable for some
> applications, especially for use as a firewall.

I've seen some patches for 2.4 PV-on-HVM drivers support - and I *think* I've 
seen patches for 2.4 domU support floating around.  However, you need more 
than this because you're looking at PCI passthrough.  Doing PCI passthrough 
to a domU requires more than just Xen domU support in that kernel, since it 
also needs to talk to real hardware.  I'm not aware of patches allowing this 
under Linux 2.4, although Linux 2.6 is well supported in this regard.

PCI passthrough to an HVM domain wouldn't have this limitation but would, as 
you observe, require VT-d support currently :-(

> P.S.: I know, this setup sounds kind of paranoid, isolating Dom0 that
> much and I might hit a wall somewhere because certain things are not
> possible yet (that's actually one of the points of this experiment, to
> see what Xen can do). I also realize it is pointless unless I use a
> system with IOMMU in a PCI passthrough setup (ultimately enabling PCI
> Passthrough to HVM), but for me it is more like a proof of concept,
> than a security concern for the machine in question and I prefer to
> run Linux on Xen paravirtualized anyway. If anyone has some thoughts
> on this, he or she would like to share, I am always thankful for
> advice or another point of view.

Are you aware that there have been patches posted (and possibly merged now, I 
think, although not in a release) that support IOMMU protection for PCI 
passthrough to PV domUs?  This would be useful for the kind of setup you 
propose, should you wish to avoid the overheads of HVM.

I hope this information helps somewhat, sorry it's not exactly a solution.

Cheers,
Mark

-- 
Push Me Pull You - Distributed SCM tool (http://www.cl.cam.ac.uk/~maw48/pmpu/)
