Xen users - Sep 2005 - sharing PCI devices ....

Hi Folks,

A question about PCI devices. If we leave security problems aside, is it
possible
to provide access of a PCI device to 2 domains (may include dom 0), i.e. would
current xen implementation suffice or a PCI device can only be used exclusively
by a domain.

Thanks,
Himanshu

-- 
-------------------------------------------------------------------------
Himanshu Raj
PhD Student, GaTech (www.cc.gatech.edu/~rhim)
I prefer to receive attachments in an open, non-proprietary format.
-------------------------------------------------------------------------

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com 
> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of 
> Himanshu Raj
> Sent: 07 September 2005 14:42
> To: xen-devel@lists.xensource.com
> Cc: xen-users@lists.xensource.com
> Subject: [Xen-devel] sharing PCI devices ....
> 
> Hi Folks,
> 
> A question about PCI devices. If we leave security problems 
> aside, is it possible to provide access of a PCI device to 2 
> domains (may include dom 0), i.e. would current xen 
> implementation suffice or a PCI device can only be used 
> exclusively by a domain.
If this is for an arbitrary device, it will not work. For a particular
device, assuming the device is REALLY TRIVIAL, it may be able to make it
work.  

Particularly, a device that uses interrupts to interact with the driver,
you would have a potential race condition between different drivers. 

There''s also the case of conflicting settings/operations made by
different drivers and race-conditions.

Let''s say a network card has a "start transmit bit" in one
register, and
a "buffer-start" in a different register. Driver A in Dom0 writes a
value to Buffer start, gets interrupted [by timer or otherwise], DomU
writes to the buffer register as well, with a completely different
address, then writes sets the "start transmit bit". Once this is done,
it goes to sleep, and the schedueler decides to run the Dom0 again,
which writes the "start transmit bit". The card will then do one of:
<transmit the DomU packet again>, <report an error>, <fall over
in a big
heap and fail to operate at all until next reboot>.

Of course, if there''s no state, i.e. the card doesn''t retain
any
information from a single operation to the next, then it would probably
be possible to achieve a sharing. But I can''t really think of any
(useful) card that works that way except for the "Port 80" cards that
show the status at boot, etc. 

A coordinated driver that has a shared [between host and guest]
mutex/spin-lock/semaphore/<insert other sycn mechanism(s) here> would
possibly work, but that''s not what the current drivers are doing today,
so you''d need to construct such special driver for any hardware that
you
want to share this way, and the complexity of this would possibly be
qutie huge. 

[I used to work for a graphics card company, writing drivers, and the
complexity of the driver in those are just HUGE, and the consequences of
a small change could very easily break the whole driver. Just the fact
that the system may switch from one task to another during a particular
driver call could often cause problems with coordinating the drivers and
hardwares state such the driver and hardware still knew what was going
on.]

--
Mats
> 
> Thanks,
> Himanshu
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> A question about PCI devices. If we leave security problems aside, is
> it possible to provide access of a PCI device to 2 domains (may
> include dom 0), i.e. would current xen implementation suffice or a PCI
> device can only be used exclusively by a domain.
No, not without writing a backend driver to mediate device accesses. If
two domains can both access the raw device, who gets the interrupts
raised by the device? What if one domain gets context-switched away in
the middle of what it thinks is an atomic operation, and the other
domain uses the device in the meantime? What if the domains each want
the device in a different ''mode'' (like promiscuous mode for
NICs) - how
do you change the mode back and forth as each domain is scheduled?

If you have a particular device that you want two or more domains to
use, you need to write a backend and a frontend device driver, and then
export the virtual device to your domUs just like the virtual NIC and
the virtual block device.

If you do this, consider sharing the source with everyone: someone else
will probably want to do the same thing eventually and it would make
their lives easier. Also, other people may spot unnoticed bugs in your
driver, before they bite you on the bum.

-- 
"And  what if  I assign  a  hundred  programmers  to  it?"   The 
master
programmer shrugged. "Then the design will never be completed," he
said.
http://www.google.com/search?q=%22pgp+singing%22  <-- childish but funny
http://surreal.istic.org/ <-- It''s like a DEATH CIRCUS! | keyid
885b170d


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> Also, other people may spot unnoticed bugs in your driver, before they
> bite you on the bum.
Actually, on reflection I would like to emphasize that it is the bugs
that will be biting you on the bum, not the other people. I hope nobody
else had a horrible mental picture of Xen developers lining up to tell
some poor chap his code is buggy and then bite him on the bum.

-- 
"And  what if  I assign  a  hundred  programmers  to  it?"   The 
master
programmer shrugged. "Then the design will never be completed," he
said.
http://www.google.com/search?q=%22pgp+singing%22  <-- childish but funny
http://surreal.istic.org/ <-- It''s like a DEATH CIRCUS! | keyid
885b170d


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Wed, 2005-09-07 at 15:05 +0100, Daniel Hulme wrote:
> > Also, other people may spot unnoticed bugs in your driver, before they
> > bite you on the bum.
> Actually, on reflection I would like to emphasize that it is the bugs
> that will be biting you on the bum, not the other people. I hope nobody
> else had a horrible mental picture of Xen developers lining up to tell
> some poor chap his code is buggy and then bite him on the bum.
That thought hadn''t occurred to me... until now.
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Wednesday 07 September 2005 15:48, Petersson, Mats
wrote:
> > Hi Folks,
> >
> > A question about PCI devices. If we leave security problems
> > aside, is it possible to provide access of a PCI device to 2
> > domains (may include dom 0), i.e. would current xen
> > implementation suffice or a PCI device can only be used
> > exclusively by a domain.
>
> If this is for an arbitrary device, it will not work. For a particular
> device, assuming the device is REALLY TRIVIAL, it may be able to make it
> work.
>
> Particularly, a device that uses interrupts to interact with the driver,
> you would have a potential race condition between different drivers.
>
[long explanation deleted]

If you want to have access to the same piece of hardware in different domains, 
you''ll probably have more success with a virtualization method working
on a
higher level than xen (iow, BELOW the driver level)

Linux VServer (and maybe BSD Jails) comes to mind here:

With VServer (www.linux-vserver.org) there''s only ONE linux kernel
running,
meaning only ONE driver for the device in question, making all the sharing 
problems disappear.

You''d still have multiple OS instances running below that kernel,
sharing the
device between them then can be done on devicenode level and should pose no 
problem at all.

VServer patches seem to work inside xen (search for a previous list post on 
that matter), so you even might be able to combine the best of both worlds on 
one server.

/Ernst

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

> A question about PCI devices. If we leave security problems aside, is it
> possible to provide access of a PCI device to 2 domains (may include dom
> 0), i.e. would current xen implementation suffice or a PCI device can only
> be used exclusively by a domain.
Not usually: devices are basically stupid and they only expect one entity to 
be talking to them.  If you get multiple domains driving a device directly 
it''ll probably end in tears, although it might be amusing :-)

You''ve really got two choices:
1) Just assign a device to one domain at a time - maybe buy multiple devices 
to serve multiple domains.
2) Virtualise at a higher level using a backend / frontend.  e.g. the virtual 
block device, virtual net dev, virtual usb dev, etc...

What are you actually trying to achieve?

Cheers,
Mark

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel