On 10/05/2017 06:29 PM, Julien Grall wrote:
Hi,
On 04/10/17 19:10, Oleksandr Andrushchenko wrote:
sorry, pressed send too fast
On 10/04/2017 09:02 PM, Oleksandr Andrushchenko wrote:
On 10/04/2017 08:22 PM, Julien Grall wrote:
On 04/10/17 17:32, Oleksandr Andrushchenko wrote:
Hi, all!
Hello,
We have a use-case where we want to passthrough and arbitrary
device to driver domain,
e.g. GPIO controller or the like (doesn't do any DMA).
I will assume you are speaking about Xen Arm and not Xen x86.
Please correct if my assumption is wrong.
you are right, sorry for not being precise enough
I know that for device to be pass throughed it must be tied to an
IOMMU, but in my case
the controller doesn’t have any. The problem is that it not only
has MMIO range,
but also has its own interrupt controller, so I have to
passthrough IRQs as well.
Here comes the limitation I face: as the controller doesn’t have
any IOMMU I can’t
passthrough its IRQ.
I guess you are saying that when you use "dtdev" it will deny guest
creation.
at least I used/experimented with dtdev as of now and didn't think
it is possible not to fill in dtdev's,
but still request IRQs
At the moment, the only purpose of "dtdev" is to setup the SMMU
correctly. If your device is not protected by an SMMU, then it is
not necessary. You only need to specific "irqs" and "mmios".
ah, good to know,
could you please confirm that my understanding is correct:
if I put "xen,passthrough" property in guest's device tree node
which has IRQ(s) and/or MMIO range(s)
it is enough to get that "passive" device passed through?
yes, device will not be hidden from Dom0 and free to be used by any
other domains.
this does work, thank you
However, you have to ensure it will not be shared between multiple
domains (this check was done by "dtdev" you don't use here).
yes, for embedded use-cases this shouldn't be a problem
should be
If "xen,passthrough" property in a Dom0 device tree node *together*
with IRQ(s) and MMIO range(s)
in a *guest config* file is enough to get "passive" device passed
through
If you wonder why the documentation does not advertise it. It is
because I consider that any device not protected by an SMMU should
not be pass-through unless the user really knows what he is doing.
as they say "the best documentation is the source code itself", I
should have looked more careful
Possible solutions I see could be:
1. Make it possible that Xen allows passing through devices
without IOMMU assigned:
the problem here is that one can hack Xen then by saying that her
device is not MMU
protected and writing/reading arbitrary memory then.
2. Make driver domain be marked somehow as a privileged one, so
Xen can trust it and
allow passing devices without IOMMU.
Q: What if we need to pass this device to DomU?
3. Workaround by introducing a dummy IOMMU for such devices, but
it still doesn’t
solve the problem with memory protection.
I'm hoping to hear any possible solutions/suggestions which will
not break security and allow
passing devices at the same time.
Cheers,
Thank you,
Oleksandr
Cheers,
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel