> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On
> Behalf Of Ross Philipson
>
> I will put together something like this then and resubmit. I would like Joe
> Cihula at Intel to
> comment and make sure I am not missing something that will impact tboot
> security.
>
> Thanks
> Ross
I don't see a better way to solve this problem, so I'm OK with this as long as
the Xen checks are left in. It will mostly be the same as Ross's patch but
including a larger memory region and also the ACPI and NV memory types. As
long as E820_UNUSABLE is still excluded, that will cover tboot's memory.
Joe
>
> -----Original Message-----
> From: Keir Fraser
> Sent: Thursday, February 26, 2009 11:12 AM
> To: Ross Philipson; Cui, Dexuan; xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0
> iommu mappings
>
> Yes, blacklist rather than whitelist, below 4G. Sounds good.
>
> -- Keir
>
> On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@xxxxxxxxxx> wrote:
>
> > There are some regions that I think would really need to be excluded that
> > are
> > related to TXT and tboot too though. The current tboot code puts these in
> > the
> > e820 as unusable as apposed to reserved. What if we mapped in all 4GB with
> > the
> > exception of unusable ranges and where xen is?
> >
> > Thanks
> > Ross
> >
> > -----Original Message-----
> > From: Keir Fraser
> > Sent: Thursday, February 26, 2009 10:30 AM
> > To: Cui, Dexuan; Ross Philipson; xen-devel@xxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0
> > iommu mappings
> >
> > I'm not keen on Ross's patch anyway. I think if you have such a broken
> > system, the cmdline option should simply identity-map everything below 4GB,
> > unconditionally. Easy.
> >
> > -- Keir
> >
> > On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx> wrote:
> >
> >> The patch is useful when BIOS doesn’t report RMRR correctly; however the
> >> patch
> >> may not help in some situations.
> >> E.g., to work around a buggy BIOS, we may have to map such an E820 entry
> >> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved).
> >> But if we use a xen parameter "mem=512m", or, if the host only has 512m
> >> memory, the variable 'max_page" is 512m/PAGE_SIZE, so even with the patch,
> >> the
> >> E820 entry would not be mapped, and Xen would still hang.
> >>
> >> -- Dexuan
> >>
> >> ________________________________________
> >> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
> >> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ross Philipson
> >> Sent: 2009年2月24日 4:01
> >> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> >> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu
> >> mappings
> >>
> >> This adds a boolean boot parameter to xen to allow reserved memory
> >> regions to be added to the iommu mappings for dom0. The parameter
> >> is "iommu_include_reserved" and is off by default. A warning is
> >> also traced when incorrect RMRR to system memory map values are
> >> detected. This is being added to address some incorrect BIOS's that
> >> do not report correctly the requied reserved memory ranges in
> >> the RMRRs. When this occurs it currently can cause early boot hangs
> >> and crashes.
> >>
> >> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
> >>
> >> Based on changeset 19238
> >>
> >> Thanks
> >> Ross
> >>
> >>
> >> Ross Philipson
> >> Senior Software Engineer
> >> Citrix Systems, Inc
> >> 14 Crosby Drive
> >> Bedford, MA 01730
> >> 781-301-7949
> >> ross.philipson@xxxxxxxxxx
> >>
> >
> >
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|