From patchwork Mon Nov 13 15:41:24 2017
X-Patchwork-Submitter: George Dunlap
X-Patchwork-Id: 10056359
From: George Dunlap
Date: Mon, 13 Nov 2017 15:41:24 +0000
Message-ID: <20171113154126.13038-14-george.dunlap@citrix.com>
In-Reply-To: <20171113154126.13038-1-george.dunlap@citrix.com>
References: <20171113154126.13038-1-george.dunlap@citrix.com>
Cc: James McKenzie, Christopher Clark, Stefano Stabellini, Wei Liu, Konrad Wilk, Andrew Cooper, Tim Deegan, George Dunlap, Marek Marczykowski-Górecki, Rich Persaud, Jan Beulich, Ian Jackson
Subject: [Xen-devel] [PATCH 14/16] SUPPORT.md: Add statement on PCI passthrough

Signed-off-by: George Dunlap
Acked-by: Jan Beulich
---
CC: Ian Jackson
CC: Wei Liu
CC: Andrew Cooper
CC: Jan Beulich
CC: Stefano Stabellini
CC: Konrad Wilk
CC: Tim Deegan
CC: Rich Persaud
CC: Marek Marczykowski-Górecki
CC: Christopher Clark
CC: James McKenzie
---
 SUPPORT.md | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/SUPPORT.md b/SUPPORT.md index 3e352198ce..a8388f3dc5 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -454,9 +454,23 @@ there is currently no xl support. ## Security +### Driver Domains + + Status: Supported, with caveats + +"Driver domains" means allowing non-Domain 0 domains +with access to physical devices to act as back-ends. + +See the appropriate "Device Passthrough" section +for more information about security support. + ### Device Model Stub Domains - Status: Supported + Status: Supported, with caveats + +Vulnerabilities of a device model stub domain +to a hostile driver domain (either compromised or untrusted) +are excluded from security support. ### KCONFIG Expert
@@ -522,6 +536,23 @@ Virtual Performance Management Unit for HVM guests Disabled by default (enable with hypervisor command line option). This feature is not security supported: see http://xenbits.xen.org/xsa/advisory-163.html +### x86/PCI Device Passthrough + + Status: Supported, with caveats + +Only systems using IOMMUs will be supported. + +Not compatible with migration, altp2m, introspection, memory sharing, or memory paging. + +Because of hardware limitations +(affecting any operating system or hypervisor), +it is generally not safe to use this feature +to expose a physical device to completely untrusted guests. +However, this feature can still confer significant security benefit +when used to remove drivers and backends from domain 0 +(i.e., Driver Domains). +See docs/PCI-IOMMU-bugs.txt for more information. + ### ARM/Non-PCI device passthrough Status: Supported
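Review bot: In the first hunk (@@ -454,9 +454,23 @@), the exclusion for vulnerabilities "to a hostile driver domain (either compromised or untrusted)" is attached only to the "Device Model Stub Domains" entry, while the new "Driver Domains" entry defines driver domains as back-ends for other domains and defers all of its own caveats to "the appropriate 'Device Passthrough' section". A reader of the Driver Domains entry therefore never sees the one statement they need, namely that a driver domain holding a physical device is itself a trusted component (the second hunk says exposing a device to a completely untrusted guest is generally not safe). Consider stating that directly under Driver Domains, e.g. `A driver domain must be trusted to the same degree as the devices it is given`, and say explicitly whether the hostile-driver-domain exclusion applies only to stub domains or to any domain whose back-end the driver domain provides; if the narrower scope is intentional, a sentence saying so would stop readers assuming the wider one.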
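Review bot: In the second hunk (@@ -522,6 +536,23 @@), the "x86/PCI Device Passthrough" entry says it is "generally not safe" to expose a physical device to a completely untrusted guest but, unlike the stub-domain text in the first hunk, never says what that means for security support: is an attack by a guest with a passed-through device that relies on the hardware limitations in docs/PCI-IOMMU-bugs.txt inside or outside security support? A "Status: Supported, with caveats" line needs that caveat spelled out, e.g. `Attacks from a guest with a passed-through device which rely on the hardware limitations described in docs/PCI-IOMMU-bugs.txt are excluded from security support`. Two smaller points: "Only systems using IOMMUs will be supported" should be present tense and say what the status is without an IOMMU (not supported at all, or supported but not security supported?), and "Not compatible with migration, altp2m, introspection, memory sharing, or memory paging" should say whether combining them is refused by the tools or merely unsupported if the user manages to configure it.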