On 11/16/2017 03:41 PM, Julien Grall wrote: > Hi George, > > On 13/11/17 15:41, George Dunlap wrote: >> Signed-off-by: George Dunlap <george.dun...@citrix.com> >> --- >> Do we need to add anything more here? >> >> And do we need to include ARM ACPI for guests? >> >> CC: Ian Jackson <ian.jack...@citrix.com> >> CC: Wei Liu <wei.l...@citrix.com> >> CC: Andrew Cooper <andrew.coop...@citrix.com> >> CC: Jan Beulich <jbeul...@suse.com> >> CC: Stefano Stabellini <sstabell...@kernel.org> >> CC: Konrad Wilk <konrad.w...@oracle.com> >> CC: Tim Deegan <t...@xen.org> >> CC: Julien Grall <julien.gr...@arm.com> >> --- >> SUPPORT.md | 10 ++++++++++ >> 1 file changed, 10 insertions(+) >> >> diff --git a/SUPPORT.md b/SUPPORT.md >> index b95ee0ebe7..8235336c41 100644 >> --- a/SUPPORT.md >> +++ b/SUPPORT.md >> @@ -412,6 +412,16 @@ Virtual Performance Management Unit for HVM guests >> Disabled by default (enable with hypervisor command line option). >> This feature is not security supported: see >> http://xenbits.xen.org/xsa/advisory-163.html >> +### ARM/Non-PCI device passthrough >> + >> + Status: Supported > > Sorry I didn't notice that until now. I am not comfortable to say > "Supported" without any caveats. > > As with PCI device passthrough, you at least need an IOMMU present on > the platform. Sadly, it does not mean all DMA-capable devices on that > platform will be protected by the IOMMU. This is also assuming, the > IOMMU do sane things. > > There are potentially other problem coming up with MSI support. But I > haven't yet fully thought about it.
Shall we make this simply, 'Not security supported' for now? I'll also mention needing an SMMU and other caveats. -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
