On 2014-06-13 10:45, Paolo Bonzini wrote: > Il 13/06/2014 08:23, Jan Kiszka ha scritto: >>>> That would preserve zero-copy capabilities (as long as you can work >>>> against the shared mem directly, e.g. doing DMA from a physical NIC or >>>> storage device into it) and keep the hypervisor out of the loop. >> > >> > This seems ill thought out. How will you program a NIC via the virtio >> > protocol without a hypervisor? And how will you make it safe? You'll >> > need an IOMMU. But if you have an IOMMU you don't need shared memory. >> >> Scenarios behind this are things like driver VMs: You pass through the >> physical hardware to a driver guest that talks to the hardware and >> relays data via one or more virtual channels to other VMs. This confines >> a certain set of security and stability risks to the driver VM. > > I think implementing Xen hypercalls in jailhouse for grant table and > event channels would actually make a lot of sense. The Xen > implementation is 2.5kLOC and I think it should be possible to compact > it noticeably, especially if you limit yourself to 64-bit guests.
At least the grant table model seems unsuited for Jailhouse. It allows a guest to influence the mapping of another guest during runtime. This we want (or even have) to avoid in Jailhouse. I'm therefore more in favor of a model where the shared memory region is defined on cell (guest) creation by adding a virtual device that comes with such a region. Jan > > It should also be almost enough to run Xen PVH guests as jailhouse > partitions. > > If later Xen starts to support virtio, you will get that for free. > > Paolo
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
