Requirements for PVH stubdoms?
52 views
Skip to first unread message
Jean-Philippe Ouellet
Jun 29, 2019, 10:46:51 PM6/29/19
to qubes-devel, HW42
Hello,
Just out of curiosity - what would be necessary to be able to switch
stubdoms to PVH?
I initially assumed this was probably due to some implicit assumptions
of PV mem mgmt in the domctl API or something, but with experimental
support for PVH dom0s now, surely that can't be it...
Figured I'd ask here before digging into it, since surely someone is
already familiar with much of the relevant context which I am missing
(though maybe a Xen list would be more appropriate).
Thanks,
Jean-Philippe
Just out of curiosity - what would be necessary to be able to switch
stubdoms to PVH?
I initially assumed this was probably due to some implicit assumptions
of PV mem mgmt in the domctl API or something, but with experimental
support for PVH dom0s now, surely that can't be it...
Figured I'd ask here before digging into it, since surely someone is
already familiar with much of the relevant context which I am missing
(though maybe a Xen list would be more appropriate).
Thanks,
Jean-Philippe
HW42
Jun 30, 2019, 9:32:12 AM6/30/19
to Jean-Philippe Ouellet, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Jean-Philippe Ouellet:
I think (but did not verified it) that you "just" need to go through all
the stubdom specific code paths and make the required hypercalls
available in the PVH case (the hypercall itself plus setup of the
permissions).
Yes, a Xen list would be probably the better place. Especially if you
plan to work on it, I think you should first discuss it there to ensure
that you do it in a way that upstream likes, and coordinate in case
there are already existing plans/work for this (no idea if this is the
case).
Simon
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqieyzvOmi9FGaQcT5KzJJ4pkaBYFAl0YudEACgkQ5KzJJ4pk
aBbTqw/9HPvip8thyjGSjzDVx8OkVzY9yype/0O29wUjRnqqSk94D56iKYs9bBOn
LL8U/A7lerV6HXkDNIZd3YTXOmvpFQFD/cb12k04saUS7wVZ/9wjhl0iST3uW9a/
5vgfN9KYmsI360KqnPRLhED5Q9FjxJo+c46/ue0yeqqNXkKJd08yGxNWqZe2CG+a
Xmx8F3kPcCb4KbTbZ+4C+9pCBW4UXA7nMlKtGXcpWfYahmJzYV6B1LafRUdhrc8V
V2PXZ9rwZDetCWbQw9YfaTlXS1PQeH1UIXzHmySV7vYWQMLRSsDemsGRPMVcGUsZ
44TIYPswNRxaxmgFBAqgu23gWvBXo/O+zJH/Pg8aZ6NeRW7oC/gzFCvt876NOI//
bn9TEfibQ/EcS9E5URezhpKB1IC98p0R3KtJ1XCAoxevltvFVC9gEpvsYssmN/XJ
FNVlANIPlru36SzNO9zV9pDmqyP2AWZLRXZTen7/GJtr4i5EHz71PeN759ZctW6B
fhU4zKA7nzo2lyDJZznuNU35oaNakSzQlPk8KRctODynv7dNHjr3qjYsT/at7LvY
gVC4uoafw+T7rGbvULolbHTv+w3WdL7FP0KFCRqtLNYgKQqWR/zaoEjEC/bJC85o
7nSiqMVYi7uXvKLRf7qUPaO4NGcSACKcWv1/LnGItCPSxXWgM0U=
=gItC
-----END PGP SIGNATURE-----
Hash: SHA512
Jean-Philippe Ouellet:
the stubdom specific code paths and make the required hypercalls
available in the PVH case (the hypercall itself plus setup of the
permissions).
Yes, a Xen list would be probably the better place. Especially if you
plan to work on it, I think you should first discuss it there to ensure
that you do it in a way that upstream likes, and coordinate in case
there are already existing plans/work for this (no idea if this is the
case).
Simon
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqieyzvOmi9FGaQcT5KzJJ4pkaBYFAl0YudEACgkQ5KzJJ4pk
aBbTqw/9HPvip8thyjGSjzDVx8OkVzY9yype/0O29wUjRnqqSk94D56iKYs9bBOn
LL8U/A7lerV6HXkDNIZd3YTXOmvpFQFD/cb12k04saUS7wVZ/9wjhl0iST3uW9a/
5vgfN9KYmsI360KqnPRLhED5Q9FjxJo+c46/ue0yeqqNXkKJd08yGxNWqZe2CG+a
Xmx8F3kPcCb4KbTbZ+4C+9pCBW4UXA7nMlKtGXcpWfYahmJzYV6B1LafRUdhrc8V
V2PXZ9rwZDetCWbQw9YfaTlXS1PQeH1UIXzHmySV7vYWQMLRSsDemsGRPMVcGUsZ
44TIYPswNRxaxmgFBAqgu23gWvBXo/O+zJH/Pg8aZ6NeRW7oC/gzFCvt876NOI//
bn9TEfibQ/EcS9E5URezhpKB1IC98p0R3KtJ1XCAoxevltvFVC9gEpvsYssmN/XJ
FNVlANIPlru36SzNO9zV9pDmqyP2AWZLRXZTen7/GJtr4i5EHz71PeN759ZctW6B
fhU4zKA7nzo2lyDJZznuNU35oaNakSzQlPk8KRctODynv7dNHjr3qjYsT/at7LvY
gVC4uoafw+T7rGbvULolbHTv+w3WdL7FP0KFCRqtLNYgKQqWR/zaoEjEC/bJC85o
7nSiqMVYi7uXvKLRf7qUPaO4NGcSACKcWv1/LnGItCPSxXWgM0U=
=gItC
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
Jun 30, 2019, 10:13:34 AM6/30/19
to HW42, Jean-Philippe Ouellet, qubes-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, Jun 30, 2019 at 03:32:04PM +0200, HW42 wrote:
> Jean-Philippe Ouellet:
> > Hello,
> >
> > Just out of curiosity - what would be necessary to be able to switch
> > stubdoms to PVH?
> >
> > I initially assumed this was probably due to some implicit assumptions
> > of PV mem mgmt in the domctl API or something, but with experimental
> > support for PVH dom0s now, surely that can't be it...
> >
> > Figured I'd ask here before digging into it, since surely someone is
> > already familiar with much of the relevant context which I am missing
> > (though maybe a Xen list would be more appropriate).
>
> I think (but did not verified it) that you "just" need to go through all
> the stubdom specific code paths and make the required hypercalls
> available in the PVH case (the hypercall itself plus setup of the
> permissions).
>
> Yes, a Xen list would be probably the better place. Especially if you
> plan to work on it, I think you should first discuss it there to ensure
> that you do it in a way that upstream likes, and coordinate in case
> there are already existing plans/work for this (no idea if this is the
> case).
In addition to the above:
- toolstack support (should be relatively trivial)
- PCI passthrough - stubdomain needs access to PCI config space, as its
emulation is handled by qemu; in theory it should be fine to use
pcifront/pciback for that, but those won't be happy without the rest
of PCI passthrough (interrupts, BAR, DMA etc)
There is experimental work on qubes-devel (by Paul Durrant) on
standalone PCI emulators (no qemu). While not directly solving
stubdomain isssue, it may make stubdomain unnecessary for Linux PVH
domains with PCI devices.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0Yw4UACgkQ24/THMrX
1ywUNggAkmAeGSFYM4FGmuUF1foPglHkEyuuGNT62Atil+MID54B/ti2ifP71R4O
oS2XIzRHyfCHx7U+R01p10l1CdJHWkOZCRL/zEPdMOacLT5TJ/UFUqJZEt4FTbf5
v7t8k3+vvONdQZsspOw4A7iK92zhXMGWH2bREA4aZVti3VWnyOFWsveGPMXJz+At
qxMbQbUJkkLJgBiq7nSoPmx1J/yO5nsY1NwX6RpEWVXqkTq9QCSpfZkqgI3Nk/wR
Dst3E4Jle1qb94Yw2Z/LpN4eSQWE+haS4NhJrS9jaws6qWqSM1nqJ8fg5CwUK6Ej
i5hev1WAQrRt3Q0xHtTcCEcPViv5aA==
=dxT1
-----END PGP SIGNATURE-----
Hash: SHA256
On Sun, Jun 30, 2019 at 03:32:04PM +0200, HW42 wrote:
> Jean-Philippe Ouellet:
> > Hello,
> >
> > Just out of curiosity - what would be necessary to be able to switch
> > stubdoms to PVH?
> >
> > I initially assumed this was probably due to some implicit assumptions
> > of PV mem mgmt in the domctl API or something, but with experimental
> > support for PVH dom0s now, surely that can't be it...
> >
> > Figured I'd ask here before digging into it, since surely someone is
> > already familiar with much of the relevant context which I am missing
> > (though maybe a Xen list would be more appropriate).
>
> I think (but did not verified it) that you "just" need to go through all
> the stubdom specific code paths and make the required hypercalls
> available in the PVH case (the hypercall itself plus setup of the
> permissions).
>
> Yes, a Xen list would be probably the better place. Especially if you
> plan to work on it, I think you should first discuss it there to ensure
> that you do it in a way that upstream likes, and coordinate in case
> there are already existing plans/work for this (no idea if this is the
> case).
- toolstack support (should be relatively trivial)
- PCI passthrough - stubdomain needs access to PCI config space, as its
emulation is handled by qemu; in theory it should be fine to use
pcifront/pciback for that, but those won't be happy without the rest
of PCI passthrough (interrupts, BAR, DMA etc)
There is experimental work on qubes-devel (by Paul Durrant) on
standalone PCI emulators (no qemu). While not directly solving
stubdomain isssue, it may make stubdomain unnecessary for Linux PVH
domains with PCI devices.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl0Yw4UACgkQ24/THMrX
1ywUNggAkmAeGSFYM4FGmuUF1foPglHkEyuuGNT62Atil+MID54B/ti2ifP71R4O
oS2XIzRHyfCHx7U+R01p10l1CdJHWkOZCRL/zEPdMOacLT5TJ/UFUqJZEt4FTbf5
v7t8k3+vvONdQZsspOw4A7iK92zhXMGWH2bREA4aZVti3VWnyOFWsveGPMXJz+At
qxMbQbUJkkLJgBiq7nSoPmx1J/yO5nsY1NwX6RpEWVXqkTq9QCSpfZkqgI3Nk/wR
Dst3E4Jle1qb94Yw2Z/LpN4eSQWE+haS4NhJrS9jaws6qWqSM1nqJ8fg5CwUK6Ej
i5hev1WAQrRt3Q0xHtTcCEcPViv5aA==
=dxT1
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages