New Feature: Pass-through hardware access Date: Thu, 15 Dec 2011 12:52:46 +0530  |  Posted by: Anup Patel

I am very happy to inform that we have pass-through hardware access available on Xvisor. Pass-through hardware access is very handy for any hypervisor, since there are wide variety of hardware in market and it is also a fact that no stand alone software (like Xvisor) can have as many host drivers as Linux kernel does. With this new feature, if we have a hardware device not used or virtualized by Xvisor then we can give pass-through access of such a device to guest Linux.

There are two main things required from a Hypervisor to implement Pass-through Hardware Access:

  1. Show the device at given host physical address to Guest OS at particular guest physical address.
  2. Redirect host IRQs generated by the device to appropriate Guest IRQs.

In Xvisor, both of the above requirements are achieved by just a small change in device tree. In simpler words, for Xvisor its just matter of configuration change to use pass-through hardware access.

Potential Applications:

  • Proprietary IPs (E.g CDMA mode, Crypography Chips, Printing Hardware, Network Offload Engines, etc.) can be given directly to Proprietary OSes running as Guest on Xvisor.
  • Multiple guest with heterogenous applications running on same hardware*using Xvisor can be given direct access to appropriate hardware resources for better performance. (For e.g. If we have a network switch running two Guest OSes on Xvisor, one Guest for Network processing and another for LCD display and management then the network processing Guest can be given direct access to all the networking hardware and management Guest can be given direct access to LCD controller.)

Problems:

  • The concept of pass-through hardware access conflicts the concept of Guest migration or Virtual Machine Motion.
  • Some times we need to tweak Guest OS for proper functioning of pass-through hardware. For e.g. if the hardware needs to be enabled from Clocking and Power control hardware first before its use then the Guest OS must do hypercalls to enable/disable the hardware. Things like PIC or Clocking & Power Control cannot be given to Guest OS directly for security reasons.
  • If the pass-through hardware has built-in DMA engine then programming of the built-in DMA must be intercepted by Hypervisor to ensure correctness of the physical address being programmed. We can also choose not to allow direct access to such hardware for security reasons.

Nevertheless, this is a very useful feature when it comes to performance. We will always support pass-through hardware access in Xvisor but its use will come with a security risk which users must acknowledge.