Hi,
Sorry, I forgot to CC xen-devel.
On 25/07/2019 13:15, Julien Grall wrote:
Hi all,
I don't have the e-mail address of all the attendees. Feel free to CC/forward to
anyone that should be involved.
First of all, thank you Artem for taking the notes. I tried to summarize them below.
Please let me know if I missed anything or wrongly summarized.
There was some interest to get virtio running on Xen. The scope was HVM/PVH/ARM
guests so existing transport (MMIO/PCI) can be re-used.
The topics discussed were:
* Restricting virtio backend for guest memory access
At the moment, virtio backend has full access to the guest memory. Some
stakeholders using Xen (or other hypervisors) are concerned about the security
impact. Two solutions have been suggested here:
- Implement using grant-table (Suggested by Juergen Gross)
- Use Virtio-IOMMU or a Xen PV IOMMU
Dave Woodhouse would be interested to see a diagram for PV IOMMU to do
translation. The backend for PV IOMMU would have to reside in Xen.
A cross-hypervisor solution would be ideal. We need to involve people outside of
Xen (Genevi? Matti? Gunnar?) and virtio specialists from Linux kernel (Paolo
Bonzini? Michael Tsirkin?)
* Virtio frontend in Linux by-passing the DMA API
In order to implement a virtual IOMMU, virtio would have to use the DMA API. David
Woodhouse suggested this was fixed in recent kernels. We need to check if this is the
case or fix it.
* Backend memory exhaustion (XSA-300)
While this is not virtio specific, this is a blocker for general usability on
Arm and x86 PVH dom0.
* State of the Art
Xen x86 contains most of the pieces to be able to use basic virtio MMIO/PCI. The
remaining bits are tools support for the configuration.
Xen Arm requires implementation to forward guest MMIO access to a device model
(aka IOREQ). Most of the code could be re-used from x86. I have a PoC for this
which has been shared privately with EPAM so far.
* Next Steps/Actions
- Send out Arm IOREQ support
- Partial PCI emulator for Arm
- Xen tools support for configuration
- Start discussion on security side involving people outside Xen.
Cheers,
--
Julien Grall