On 04/10/17 17:32, Oleksandr Andrushchenko wrote:
Hi, all!
Hello,
We have a use-case where we want to passthrough and arbitrary device to
driver domain,
e.g. GPIO controller or the like (doesn't do any DMA).
I will assume you are speaking about Xen Arm and not Xen x86. Please
correct if my assumption is wrong.
I know that for device to be pass throughed it must be tied to an IOMMU,
but in my case
the controller doesn’t have any. The problem is that it not only has
MMIO range,
but also has its own interrupt controller, so I have to passthrough IRQs
as well.
Here comes the limitation I face: as the controller doesn’t have any
IOMMU I can’t
passthrough its IRQ.
I guess you are saying that when you use "dtdev" it will deny guest
creation.
At the moment, the only purpose of "dtdev" is to setup the SMMU
correctly. If your device is not protected by an SMMU, then it is not
necessary. You only need to specific "irqs" and "mmios".
If you wonder why the documentation does not advertise it. It is because
I consider that any device not protected by an SMMU should not be
pass-through unless the user really knows what he is doing.
Possible solutions I see could be:
1. Make it possible that Xen allows passing through devices without
IOMMU assigned:
the problem here is that one can hack Xen then by saying that her device
is not MMU
protected and writing/reading arbitrary memory then.
2. Make driver domain be marked somehow as a privileged one, so Xen can
trust it and
allow passing devices without IOMMU.
Q: What if we need to pass this device to DomU?
3. Workaround by introducing a dummy IOMMU for such devices, but it
still doesn’t
solve the problem with memory protection.
I'm hoping to hear any possible solutions/suggestions which will not
break security and allow
passing devices at the same time.
Cheers,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
