[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

To: Pasi Kärkkäinen <pasik@xxxxxx>
From: Weidong Han <weidong.han@xxxxxxxxx>
Date: Sat, 23 Jan 2010 20:40:10 +0800
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>, "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>, "Kay, Allen M" <allen.m.kay@xxxxxxxxx>, Sander Eikelenboom <linux@xxxxxxxxxxxxxx>, "keir.fraser@xxxxxxxxxxxxx" <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Sat, 23 Jan 2010 04:40:37 -0800
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Pasi Kärkkäinen wrote:

On Fri, Jan 22, 2010 at 08:15:11PM +0800, Weidong Han wrote:
Sander Eikelenboom wrote:
Hello Weidong,

Wouldn't it be more clear to add an option to iommu= for this case ?

if iommu=on,..,..,security

With the security option specified:
     -it would be most strict in it's checks, since enforcing security with the 
iommu requires that as you have pointed out.
     -warn,fail or panic incase it can't enable all to enforce the security.
iommu=force is for security. It does as you described above. So I think"security" option is not necessary.
Without the security option specified (default)
     - it tries to work as with the security option specified
     - but incase of problems makes the assumption the iommu's main task is not 
security, but making as much of vt-d working to keep the passthrough 
functionality
     - it will only warn, that you will lose the security part, that it would 
be wise to let your bios be fixed, and not making it panic
     - and keep vt-d enabled
the default iommu=1 works like iommu=force if BIOS is correct. But infact we encountered some buggy BIOS, and then we added some workaroundsto make VT-d still be enabled, or warn and disable VT-d if the issue isregarded as invalid and cannot be workarounded. These workarounds makeXen more defensive to VT-d BIOS issues. The panic only occurs whenoperating VT-d hardware fails, because it means the hardware is possiblymalfunctional.
In short, default iommu=1 can workaround known VT-d BIOS issues weobserved till now, while iommu=force ensures best security provided byVT-d.
So the default iommu=1 might be insecure? And iommu=force is always secure?
To me "force" sounds like it makes it work always, no matter if it's secure or 
not..

The "security" here means the protection provided VT-d. The maindifference between them is iommu=force tries to enable all VT-d units inany case, if any VT-d unit cannot enabled, it will quit Xen booting(panic), thus it guarantees security provided by VT-d. while wheniommu=1, in order to workaround some BIOS issues, it will ignore someinvalid DRHDs, or disable whole VT-d to keep Xen work without VT-d.

Regards,
Weidong




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Pasi Kärkkäinen

References:
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Keir Fraser
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Weidong Han
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Noboru Iwamatsu
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Weidong Han
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Noboru Iwamatsu
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Weidong Han
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Sander Eikelenboom
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Weidong Han
- Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
  - From: Pasi Kärkkäinen

Prev by Date: Re: [Xen-devel] Re: follow up to a pciback "pv pci-passthrough co-assigned problem"
Next by Date: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
Previous by thread: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
Next by thread: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.