-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mark,
I am currently in the process of setting up a firewall/access point
DomU and I would like to know if there is any way to run a linux
kernel 2.4(.34) based system as a DomU. The primary reason for this
is that I want to run IPCop on such a kernel, but also that I
consider kernel 2.4 based systems to be more suitable for some
applications, especially for use as a firewall.
I've seen some patches for 2.4 PV-on-HVM drivers support - and I
*think* I've
seen patches for 2.4 domU support floating around. However, you
need more
than this because you're looking at PCI passthrough. Doing PCI
passthrough
to a domU requires more than just Xen domU support in that kernel,
since it
also needs to talk to real hardware. I'm not aware of patches
allowing this
under Linux 2.4, although Linux 2.6 is well supported in this regard.
PCI passthrough to an HVM domain wouldn't have this limitation but
would, as
you observe, require VT-d support currently :-(
If you could point me to the patches you mentioned, I would be
grateful, since I myself couldn't turn up anything of the sort in the
last few days. I am aware of the fact, that I would need patches that
add most of the Xen support in kernel 2.6 to kernel 2.4, including
the PCI frontend module. I will worry about that as soon as I have at
least something to work with. I'm not worried about my NICs though,
they should be well supported by kernel version 2.4.34 to 36 and
those are the versions I am currently aiming for.
P.S.: I know, this setup sounds kind of paranoid, isolating Dom0 that
much and I might hit a wall somewhere because certain things are not
possible yet (thats actually one of the points of this experiment, to
see what Xen can do). I also realize it is pointless unless I use a
system with IOMMU in a PCI passthrough setup (ultimately enabling PCI
Passthrough to HVM), but for me it is more like a proof of concept,
than a security concern for the machine in question and I prefer to
run Linux on Xen paravirtualized anyway. If anyone has some thoughts
on this, he or she would like to share, I am always thankful for
advise or another point of view.
Are you aware that there have been patches posted (and possibly
merged now, I
think, although not in a release) that support IOMMU protection for
PCI
passthrough to PV domUs? This would be useful for the kind of
setup you
propose, should you wish to avoid the overheads of HVM.
I was not aware of that, but what I meant is, if I had hardware IOMMU
support, I would not have to worry about running kernel 2.4. The
overhead of running the system in a HVM isn't all that important at
the moment, considering Xen seems to have problems with AMD's
Cool&Quiet on my system anyways (so I do have quiet a bit of CPU time
to spare).
Thanks,
Paul.
- --
Paul Schulze
avlex@xxxxxxx
Public Key: http://solaris-net.dyndns.org/keys/key_avlex.asc
"Making mistakes is human,
but to really fuck things up you need Computers"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFIXoN6YDWOGtiChoARAvCqAJ9v9GG5VITt8yKUJO7DFF4RB8WQlwCfR0sB
/QKdG0UHT9UKuAxVXrAKZ5M=
=JmAb
-----END PGP SIGNATURE-----
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
Home