- LIVA PC PCI ENCRYPTION DECRYPTION CONTROLLER DRIVERS
PCI devices are specified by BDF notation. You can determine the BDF for the device by running lspci in domain 0.

Domain 0 has responsibility for all devices on the system. Normally, as it discovers PCI devices, it passes those to drivers within the Linux kernel. In order for a device to be accessed by a guest, the device must instead be assigned to a special domain 0 driver. This driver is called xen-pciback in pvops kernels, and pciback in classic kernels. PV guests access the device via a kernel driver in the guest called xen-pcifront (pcifront in classic Xen kernels), which connects to pciback. HVM guests see the device on the emulated PCI bus presented by QEMU.

Guests are allowed to set up DMA for devices, but access to the PCI configuration space must be arbitrated for security reasons. For PV guests, this is done by the pciback driver in dom0.

Normally devices are allowed to do DMA to and from any part of the host's physical memory. First, this is a potential reliability or security issue: a guest with a buggy driver could accidentally overwrite some of Xen's memory; a guest controlled by an attacker could read and write memory of other guests. Secondly, the guest's idea of the memory layout is virtualized, but the device's idea isn't. PV guests can overcome this because they can "look behind" the virtualized memory layout, but HVM guests cannot. The solution to both of these is called an IOMMU.
- 2.1.1 Static assignment for built-in xen-pciback (when xen-pciback is compiled into the kernel and NOT loaded as a module)
- 2.1.2 Dynamic assignment with xl (when xen-pciback is loaded as a module and NOT compiled into the kernel)
- 2.1.3 Dynamic assignment with sysfs (when xen-pciback is loaded as a module and NOT compiled into the kernel)
- 2.1.4 Static assignment for xen-pciback module (when xen-pciback is loaded as a module and NOT compiled into the kernel)
- 2.2 Verifying that the device is ready to be passed through
- 3.1 Xen dom0 pciback driver backend modes