Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-14 Thread Caitlin Bestler
[EMAIL PROTECTED] wrote: On Wednesday 13 June 2007, Caitlin Bestler wrote: It can be done, but you'd also need a passthrough for the IOMMU in that case, and you get a potential security hole: if a malicious guest is smart enough to figure out IOMMU mappings from the device to memory owned

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-14 Thread Arnd Bergmann
On Thursday 14 June 2007, Caitlin Bestler wrote: Why not simply adopt the policy that if the IOMMU does not meet the security requirements of the Hypervisor then it is not an IOMMU as far as the Hypervisor is concerned? More specifically, the Hypervisor should enable direct access by a

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Muli Ben-Yehuda
On Sun, Jun 10, 2007 at 10:33:57AM +0300, Avi Kivity wrote: It is worthwhile, when designing virtio, to keep in mind as many possible users as possible. In addition to block and net, I see at least the following: - vmgl (paravirtualized 3D graphics)

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Avi Kivity
Muli Ben-Yehuda wrote: On Sun, Jun 10, 2007 at 10:33:57AM +0300, Avi Kivity wrote: It is worthwhile, when designing virtio, to keep in mind as many possible users as possible. In addition to block and net, I see at least the following: - vmgl (paravirtualized 3D graphics)

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Arnd Bergmann
On Sunday 10 June 2007, Avi Kivity wrote: - PCI (or your favorite HW bus) passthrough, for your favorite oddball device (e.g., crypto-accelerators). Won't all high-bandwidth traffic be through dma, bypassing virtio? It can be done, but you'd also need a passthrough for the IOMMU in

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Caitlin Bestler
[EMAIL PROTECTED] wrote: On Sunday 10 June 2007, Avi Kivity wrote: - PCI (or your favorite HW bus) passthrough, for your favorite oddball device (e.g., crypto-accelerators). Won't all high-bandwidth traffic be through dma, bypassing virtio? It can be done, but you'd also need a

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Arnd Bergmann
On Wednesday 13 June 2007, Caitlin Bestler wrote: It can be done, but you'd also need a passthrough for the IOMMU in that case, and you get a potential security hole: if a malicious guest is smart enough to figure out IOMMU mappings from the device to memory owned by the host. If it

Re: [kvm-devel] [Xen-devel] More virtio users

2007-06-12 Thread Muli Ben-Yehuda
On Wed, Jun 13, 2007 at 01:54:26AM +0200, Arnd Bergmann wrote: On Wednesday 13 June 2007, Caitlin Bestler wrote: It can be done, but you'd also need a passthrough for the IOMMU in that case, and you get a potential security hole: if a malicious guest is smart enough to figure out