On 05.10.22 14:41, Marek Marczykowski-Górecki wrote:
Hi,When booting Xen with Linux dom0 nested under KVM, CONFIG_XEN_VIRTIO_FORCE_GRANT=y makes it unable to use virtio devices provided by L0 hypervisor (KVM with qemu). With PV dom0, grants are required for virtio even if just CONFIG_XEN_VIRTIO is enabled. This is probably uncommon corner case, but one that has bitten me in my CI setup... I think Xen should set smarter virtio_require_restricted_mem_acc(), that enforces it only for devices really provided by another Xen VM (not by the "outer host"), but I'm not sure how that could be done. Any ideas?
It should be possible to add a boot parameter for that purpose. Using it would open a security hole, though (basically like all PCI passthrough to PV guests). Juergen
OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
