Re: [Qemu-devel] [Xen-devel] [RFC PATCH 0/4] Qemu: Add Xen vIOMMU support

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [Xen-devel] [RFC PATCH 0/4] Qemu: Add Xen vIOMMU support
Date: Mon, 20 Mar 2017 15:35:55 +0100

On 20/03/2017 15:17, Roger Pau Monné wrote:
>>> Hi Paolo:
>>> Thanks for review. For Xen side, we won't reuse Intel IOMMU device model
>>> in Qemu and create counterpart in Xen hypervisor. The reasons are
>>>  1) Avoid round trips between Qemu and Xen hypervisor
>>>  2) Ease of integration with the rest of the hypervisor (vIOAPIC,
>>> vMSI and so on).
>> Fair enough, though I'd be worried about increasing the attack surface
>> of the hypervisor.  For KVM, for example, IOMMU emulation requires using
>> the "split irqchip" feature to move the PIC and IOAPIC out of the kernel
>> and back to QEMU.
> Yes, that's right, we are increasing the surface of attack. But Xen also needs
> it in order to support APIC IDs > 255 on PVH guests (that have a local APIC but
> no QEMU).

Not necessarily, you only need x2APIC support for that in the local APIC
emulation.  The MSI hypercalls (similar to KVM's MSI ioctls) can be
extended to accept x2APIC VCPU ids.


