WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevic

from [Alan Cox] [Permanent Link][Original]
To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific
From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 2 Jul 2008 12:17:45 +0100
Cc: Yuji Shimada <shimada-yxb@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Wed, 02 Jul 2008 04:35:46 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <18539.22704.112555.841467@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Red Hat UK Cyf., Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, Y Deyrnas Gyfunol. Cofrestrwyd yng Nghymru a Lloegr o'r rhif cofrestru 3798903
References: <20080630131728.F30A.SHIMADA-YXB@xxxxxxxxxxxxxxx> <10EA09EFD8728347A513008B6B0DA77A035FC20B@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20080701163646.C0E3.SHIMADA-YXB@xxxxxxxxxxxxxxx> <18537.65217.267922.698490@xxxxxxxxxxxxxxxxxxxxxxxx> <10EA09EFD8728347A513008B6B0DA77A035FC6EA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <18539.22704.112555.841467@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
> I think it is fine to have a passthrough option which doesn't properly
> protect the host from the guest - this is a useful setup in many
> situations.  But it should not be enabled by default, surely ?

Agreed entirely. Note also that some implementations of an IOMMU will not
save you as they don't fence between individual PCI devices (PCIE is
obviously a bit easier). Not fencing between devices allows you for
example to use a fairly flexible SCSI controller to reprogram another
device. 

In the general case there are also some really nasty dirty attacks you
can't stop with an IOMMU one of which is to reflash the BIOS of the
graphics card to which you were given unrestricted access so that you
compromise the entire system next boot. These attacks appear well
understood except by IOMMU marketing people ;)

IOMMU is great for system correctness and flexibility, using it for
safely providing hardware direct access is a very very hairy business with
a complex device.

Alan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [PATCH] qemu-xen: Fix PV segfault, Kevin Wolf
Next by Date:  [Xen-devel] [PATCH][0/3] XenAPI: Add PCI Assignment Support, Yosuke Iwamatsu
Previous by Thread:  RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific, Ian Jackson
Next by Thread:  RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific, Dong, Eddie
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy