WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] Re: [XEN-IOMMU] Proposal of DMA protection/isolation support

To: iommu@xxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: [XEN-IOMMU] Proposal of DMA protection/isolation support
From: Amit Shah <amit.shah@xxxxxxxxxxxx>
Date: Sat, 12 Jan 2008 17:15:32 +0530
Cc: Wei Wang2 <wei.wang2@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Uwe.Dannowski@xxxxxxx, Michael.Hohmuth@xxxxxxx
Delivery-date: Fri, 18 Jan 2008 10:33:29 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1199980104.4405.122.camel@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Qumranet Technologies
References: <1199980104.4405.122.camel@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)
On Thursday 10 January 2008 21:18:24 Wei Wang2 wrote:
> hi list,
> I am considering adding DMA protection/isolation support for iommu
> machine:  Below are the suggested approaches to be discussed:
>
> 1) Para-virtualized IOMMU
> If it is possible to integrate IOMMU driver into guest kernel, we can
> just implement a set of para-virtualized interface to forward hardware
> operations from guest to HV. Guest kernel will allocation IO page table
> for itself, but IO-PTE updating is verified by HV through hypercall.
>
> 2) IOMMU-aware dma layer.
> Currently, driver domain utilizes swiotlb to get dma_address below 4G,
> which is an additional overhead to IOMMU machine. For IOMMU machine, we
> can implement a new dma layer which takes "guest_domain-id",
> "device_bdf", and "guest_page" information as parameters and returns
> virtual io address to guest OS. Guest OS only have very limited
> knowledge/control to IOMMU. In this case, HV will allocate and update IO
> page table for guest domain.
>
> 3) Hooking guest memory changes
> No guest OS modification is needed in this approach.  All we need is to
> update IO page table when guest physical memory changes triggered by
> domain initialization, ballooning, and grant reference mapping...
>
> Thanks for any comments, ideas, corrections... to this thread.

I have a few patches (quite old, I need to refresh them) for doing this. I was 
also looking at integrating this functionality with the AMD DEV for securing 
accesses.

This effort was mostly done with kvm+qemu in mind, but the DMA-level 
operations should work across any hypervisor on a PV guest.

http://lkml.org/lkml/2007/11/7/125

Let me know if these patches can be helpful and I can refresh them to the 
newer kernels.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel