This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

To: Weidong Han <weidong.han@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Alex Williamson <alex.williamson@xxxxxx>
Date: Tue, 9 Mar 2010 14:39:10 -0700
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, "Kay, Allen M" <allen.m.kay@xxxxxxxxx>, "linux@xxxxxxxxxxxxxx" <linux@xxxxxxxxxxxxxx>, "keir.fraser@xxxxxxxxxxxxx" <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Tue, 09 Mar 2010 13:40:17 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=f6/Ob/A/pj2vzf1Wo33ziQI64nitr5JiMK4/W4Ssp80=; b=sxEQpDVRvBAv7kU6JI/MlAIJMpyDXbFwCwKReFs8uZSdmsWX+fGshNYd93DcTXWNuH jUspypsw9YbeY7ln5FRzYxfmGaMYf2oX7wyebpp/1aSJH2CQWvSzekbz0ghH2yggDNOs tyj7x7sOPCl0tZQgpvcEexz2g/V2IspPoWqNI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=gjtjFJaI4RsehLN/3k1wju22AB6NL/NXymCXwRm8CopP+X8AKffg8AJN64IBV+0rGP Lih1qTePH2CcNWvTaeF/9pHLbyqPlHgh/lI885FqTsNbAvlbekP8ggnJehY613iu1Nna xW3wdTx3eKwIAvRv5rJpE337OY+pg7k9AG8OE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4B59660F.4000909@xxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C77E162B.6FE6%keir.fraser@xxxxxxxxxxxxx> <4B59098B.6000108@xxxxxxxxx> <4B590FA4.4000008@xxxxxxxxxxxxxx> <4B59132B.40607@xxxxxxxxx> <4B59188C.50901@xxxxxxxxxxxxxx> <4B59660F.4000909@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Fri, Jan 22, 2010 at 1:47 AM, Weidong Han <weidong.han@xxxxxxxxx> wrote:
> I implemented a patch and attached.
> patch description:
>   In order to make Xen more defensive to VT-d related BIOS issue, this patch
> ignores a DRHD if all devices under its scope are not pci discoverable, and
> regards a DRHD as invalid and then disable whole VT-d if some devices under
> its scope are not pci discoverable. But if iommu=force is set, it will
> enable all DRHDs reported by BIOS, to avoid any security vulnerability with
> malicious s/s re-enabling "supposed disabled" devices.  Pls note that we
> don't know the devices under the "Include_all" DRHD are existent or not,
> because the scope of "Include_all" DRHD  won't enumerate common pci device,
> it only enumerates I/OxAPIC and HPET devices.

Hi All,

I have a system with what I consider to be a valid DRHD that's getting
tripped up on this patch.  The problem is that the DRHD includes an
IOAPIC scope, where the IOAPIC is not materialized on the PCI bus.  I
think Xen is being overzealous in it's validity checking and that this
is a valid configuration.  What do others think?  Are IOAPICs a
special case that we can allow to be non-existent on the PCI bus?


Xen-devel mailing list