On 2014-06-13 10:45, Paolo Bonzini wrote:
> On 13/06/2014 08:23, Jan Kiszka wrote:
>>>> That would preserve zero-copy capabilities (as long as you can work
>>>> against the shared mem directly, e.g. doing DMA from a physical NIC or
>>>> storage device into it) and keep the hypervisor out of the loop.
>> >
>> > This seems ill thought out. How will you program a NIC via the virtio
>> > protocol without a hypervisor? And how will you make it safe? You'll
>> > need an IOMMU. But if you have an IOMMU you don't need shared memory.
>>
>> Scenarios behind this are things like driver VMs: You pass through the
>> physical hardware to a driver guest that talks to the hardware and
>> relays data via one or more virtual channels to other VMs. This confines
>> a certain set of security and stability risks to the driver VM.
>
> I think implementing Xen hypercalls in jailhouse for grant table and
> event channels would actually make a lot of sense. The Xen
> implementation is 2.5kLOC and I think it should be possible to compact
> it noticeably, especially if you limit yourself to 64-bit guests.
At least the grant table model seems unsuited for Jailhouse. It allows a
guest to influence the mapping of another guest during runtime. This we
want (or even have) to avoid in Jailhouse.
I'm therefore more in favor of a model where the shared memory region is
defined on cell (guest) creation by adding a virtual device that comes
with such a region.
Jan
>
> It should also be almost enough to run Xen PVH guests as jailhouse
> partitions.
>
> If later Xen starts to support virtio, you will get that for free.
>
> Paolo