WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Noboru Iwamatsu wrote:
Hi Weidong,

I implemented a patch for it. Noboru, pls have a try on your machine.
If you use default iommu=1, VT-d will be disabled with warning messages.
If you use iommu=workaround_bios_bug, it should enable VT-d and works
for you.
If you use iommu=force, it panics.

On my machine, each options have worked as described.

Thanks Noboru.
I tried:
xen-unstable c/s 20844 + drhd-ignore.patch + workaround-bios.patch
drhd-ignore.patch was already checked in as c/s 20846. Keir, pls check in the workaround-bios.patch. Thanks.

Regards,
Weidong
Thanks,
Noboru.

patch title: VT-d: add "iommu=workaround_bios_bug" option
patch description:
Add this option to workaround BIOS bugs. Currently it ignores DRHD if
"all" devices under its scope are not pci discoverable. This workarounds
a BIOS bug in some platforms to make VT-d work. But note that this
option doesn't guarantee security, because it might ignore DRHD.
So there are 3 options which handle BIOS bugs differently:
iommu=1 (default): If detect non-existent device under a DRHD's scope,
or find incorrect RMRR setting (base_address > end_address), disable
VT-d completely in Xen with warning messages. This guarantees security
when VT-d enabled, or just disable VT-d to let Xen work without VT-d.
iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be
enabled, it will crashes Xen. This is mainly for users who must need VT-d.
iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make VT-d
still work. This might be insecure because there might be a device not
protected by any DRHD if the device is re-enabled by malicious s/w. This
is for users who want to use VT-d regardless of security.

Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>

Regards,
Weidong

Noboru Iwamatsu wrote:
Weidong, Keir,

I agree your suggestions.

Noboru.

Keir Fraser wrote:
On 25/01/2010 10:45, "Sander Eikelenboom" <linux@xxxxxxxxxxxxxx> wrote:

a) Could be discussed if panic should be default instead of disabling
iommu or
not, although there seem to be a lot of broken bioses, so that would
lead to a
lot of machines not booting.
Absolutely not acceptable. Warn and completely disable IOMMU is the
correct
default causing least pain to the most end users.

-- Keir

Agree. It should not crash Xen by default due to BIOS issues.
warn-and-disable is better. It won't impact common Xen users, and if a
user really wants to use VT-d, he can try iommu=workaround_bogus_bios,
or directly report to OEM vendor to get it fixed in BIOS. As VT-d is
used more and more widely, I think the BIOS issues will be found and
fixed more quickly than before, thus the situation should be better.

Regards,
Weidong







_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>