WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

To: "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>
Date: Wed, 6 Aug 2008 09:09:09 -0700
Cc: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Han, Weidong" <weidong.han@xxxxxxxxx>
Delivery-date: Wed, 06 Aug 2008 09:10:11 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <18585.41148.403061.332119@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <0122C7C995D32147B66BF4F440D30163017E42E9@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <18585.41148.403061.332119@xxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acj3xL2WYDYpNlk2Tsyf60iWhTOIDQAGZQjA
Thread-topic: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option
I'd like to petition this patch to be included in 3.3, so that the
official releases continue to fully support the TXT/tboot trust model.

Joe

-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Espen
Skoglund
Sent: Wednesday, August 06, 2008 6:02 AM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

[Weidong Han]
> For security reasons, add 'force_iommu' option to ensure that it
should
> not be possible under any conditions to boot Xen w/o VT-d being
enabled.
> This would only be specified by users that really want the added
> security.

Here's a followup which collects all the iommu parameters into a
single parameter.  Makes things more intuitive from a users
perspective.

        eSk


---
iommu: Make the iommu boot parameters more generic and flexible

Make the 'iommu' boot parameter take a comma separated value indicating
wheter iommu is required to boot and whether to enable iommu for pv
domains.

Signed-off-by: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>


diff -r 152ba12fc55c xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c   Wed Aug 06 13:07:34 2008 +0100
+++ b/xen/drivers/passthrough/iommu.c   Wed Aug 06 13:55:46 2008 +0100
@@ -20,18 +20,48 @@
 
 extern struct iommu_ops intel_iommu_ops;
 extern struct iommu_ops amd_iommu_ops;
+static void parse_iommu_param(char *s);
 static int iommu_populate_page_table(struct domain *d);
 int intel_vtd_setup(void);
 int amd_iov_detect(void);
 
+/*
+ * The 'iommu' parameter enables the IOMMU.  Optional comma separated
+ * value may contain:
+ *
+ *   off|no|false|disable       Disable IOMMU (default)
+ *   pv                         Enable IOMMU for PV domains
+ *   no-pv                      Disable IOMMU for PV domains (default)
+ *   force|required             Don't boot unless IOMMU is enabled
+ */
+custom_param("iommu", parse_iommu_param);
 int iommu_enabled = 0;
-boolean_param("iommu", iommu_enabled);
+int iommu_pv_enabled = 0;
+int force_iommu = 0;
 
-int iommu_pv_enabled = 0;
-boolean_param("iommu_pv", iommu_pv_enabled);
+static void __init parse_iommu_param(char *s)
+{
+    char *ss;
+    iommu_enabled = 1;
 
-int force_iommu = 0;
-boolean_param("force_iommu", force_iommu);
+    do {
+        ss = strchr(s, ',');
+        if ( ss )
+            *ss = '\0';
+
+        if ( !strcmp(s, "off") || !strcmp(s, "no") || !strcmp(s,
"false") ||
+             !strcmp(s, "0") || !strcmp(s, "disable") )
+            iommu_enabled = 0;
+        else if ( !strcmp(s, "pv") )
+            iommu_pv_enabled = 1;
+        else if ( !strcmp(s, "no-pv") )
+            iommu_pv_enabled = 0;
+        else if ( !strcmp(s, "force") || !strcmp(s, "required") )
+            force_iommu = 1;
+
+        s = ss + 1;
+    } while ( ss );
+}
 
 int iommu_domain_init(struct domain *domain)
 {

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>