WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevic

To: "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific
From: "Dong, Eddie" <eddie.dong@xxxxxxxxx>
Date: Thu, 3 Jul 2008 09:38:35 +0800
Cc: Yuji Shimada <shimada-yxb@xxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Dong, Eddie" <eddie.dong@xxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Wed, 02 Jul 2008 18:39:50 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <18539.22704.112555.841467@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20080630131728.F30A.SHIMADA-YXB@xxxxxxxxxxxxxxx><10EA09EFD8728347A513008B6B0DA77A035FC20B@xxxxxxxxxxxxxxxxxxxxxxxxxxxx><20080701163646.C0E3.SHIMADA-YXB@xxxxxxxxxxxxxxx><18537.65217.267922.698490@xxxxxxxxxxxxxxxxxxxxxxxx><10EA09EFD8728347A513008B6B0DA77A035FC6EA@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <18539.22704.112555.841467@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcjcLqGz6jfGKK0bQUudH5DFBZKDQwAfkmvQ
Thread-topic: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific
Ian Jackson wrote:
> Dong, Eddie writes ("RE: [Xen-devel] [PATCH][RFC] Support
> more Capability Structures andDevice Specific"): 
>> Per current data, pass through get many known bug fixed
>> as the case Dexuan mentioned. But we didn't see a HW
>> damaging host. Some know issue could be a device issuing
>> tons of PCIe traffic, absorbing extra power, issuing
>> interrupt storm etc, but right now we didn't see issues
>> yet.  
> 
> Most people doing PCI passthrough appear to be under the
> impression 
> that the guest cannot escape and cannot damage the host. 
> (Even those 
> currently doing PCI passthrough with current production
> hardware 
> without an iommu!)

What I am aware is only QoS, I didn't know how can a guest program the
device to crash host. Interrupt storm can be blocked by hypervisor at
certain situation. Competing for unnecessary PCIe traffic is never
related to if we pass through guest setting or not. Can you give me a
specific example how host will be crashed?

> 
> I think it is fine to have a passthrough option which
> doesn't properly 
> protect the host from the guest - this is a useful setup
> in many 
> situations.  But it should not be enabled by default,
> surely ? 

Same reason as above.

> 
> Note that this is a _security_ problem.  So `data' about
> `issues' 
> which you have `seen' is irrelevant.  Just because you
> haven't 
> actually observed any misbehaviour with non-malicious
> guests doesn't 
> mean that a malicious guest couldn't cause the hardware
> to melt. 

Examples even in theory?
NOTE here, current pass through logic only support devices under root
port.

> 
> Ian.

Thx, eddie

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel