On 11/16/2017 03:41 PM, Julien Grall wrote:
> Hi George,
> 
> On 13/11/17 15:41, George Dunlap wrote:
>> Signed-off-by: George Dunlap <george.dun...@citrix.com>
>> ---
>> Do we need to add anything more here?
>>
>> And do we need to include ARM ACPI for guests?
>>
>> CC: Ian Jackson <ian.jack...@citrix.com>
>> CC: Wei Liu <wei.l...@citrix.com>
>> CC: Andrew Cooper <andrew.coop...@citrix.com>
>> CC: Jan Beulich <jbeul...@suse.com>
>> CC: Stefano Stabellini <sstabell...@kernel.org>
>> CC: Konrad Wilk <konrad.w...@oracle.com>
>> CC: Tim Deegan <t...@xen.org>
>> CC: Julien Grall <julien.gr...@arm.com>
>> ---
>>   SUPPORT.md | 10 ++++++++++
>>   1 file changed, 10 insertions(+)
>>
>> diff --git a/SUPPORT.md b/SUPPORT.md
>> index b95ee0ebe7..8235336c41 100644
>> --- a/SUPPORT.md
>> +++ b/SUPPORT.md
>> @@ -412,6 +412,16 @@ Virtual Performance Management Unit for HVM guests
>>   Disabled by default (enable with hypervisor command line option).
>>   This feature is not security supported: see
>> http://xenbits.xen.org/xsa/advisory-163.html
>>   +### ARM/Non-PCI device passthrough
>> +
>> +    Status: Supported
> 
> Sorry I didn't notice that until now. I am not comfortable to say
> "Supported" without any caveats.
> 
> As with PCI device passthrough, you at least need an IOMMU present on
> the platform. Sadly, it does not mean all DMA-capable devices on that
> platform will be protected by the IOMMU. This is also assuming, the
> IOMMU do sane things.
> 
> There are potentially other problem coming up with MSI support. But I
> haven't yet fully thought about it.

Shall we make this simply, 'Not security supported' for now?

I'll also mention needing an SMMU and other caveats.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Reply via email to