[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] iommu=dom0-passthrough behavior

To: "Xiantao Zhang" <xiantao.zhang@xxxxxxxxx>, "Yang Z Zhang" <yang.z.zhang@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Tue, 13 Nov 2012 15:29:08 +0000
Cc: "wei.huang2@xxxxxxx" <wei.huang2@xxxxxxx>, "weiwang.dd@xxxxxxxxx" <weiwang.dd@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Tue, 13 Nov 2012 15:29:26 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 13.11.12 at 16:02, "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx> wrote:
>> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
>> > If software cannot see it, then how to use it? If there still have an
>> > approach to detect it, then xen can do it too and setup the context
>> > entry as passthrough.
>> 
>> We see it the latest at the point the fault occurs. So there are multiple
>> options:
>> a) if the device is "real" as in having a valid config space despite
>>     func 0 not advertising itself as multi-function, we have ways to
>>     discover the device (at boot time)
> 
> I think current Xen logic also covers multi-function devices case.  When Xen 
> boots up, it will scan all functions of devices on each bus, through reads 
> their vendor ID.  If the vendor ID is valid, Xen deems this BDF has a real 
> device/function existed there

Not anymore - we're now honoring the multi-function flag in
_scan_pci_devices() (as Linux always did in its bus scan logic);
see c/s 22337:7afd8dd1d6cb (with a subsequent adjustment in
c/s 25869:59b3663316db).

>> b) we could insert the context entry in the fault handler, assuming
>>     the device is able to recover
> At least current VT-d doesn't have recovery fault supported, so each 
> triggered faults are fatal. 

Fatal in what sense? I would assume that if the driver retries the
operation, it would succeed if the first fault causes the context
entry to be inserted.

>> c) we could provide a command line option to allow fake devices to
>>     be create
> 
> Agree, this maybe a feasible solution I can figure out, so far. 
> 
>> d) we could create context entries for all BDFs, whether or not a
>>     device exists there
> 
> As I said,  this maybe bring security issue. Even for the iommu-passthrough 
> option,  it is also not suggested to be used if security is considered. 

As said - it is clear that the basic thing here (using
"iommu=dom0-passthrough") is already weakening security. So
security isn't the concern in this discussion, that's left to whoever
is intending to use that option.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao

References:
- [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Yang Z
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Yang Z
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Jan Beulich
- Re: [Xen-devel] iommu=dom0-passthrough behavior
  - From: Zhang, Xiantao

Prev by Date: Re: [Xen-devel] [PATCH] [RFC PATCH] xen: vmx: Use an INT 2 call to process real NMI's instead of self_nmi() in VMEXIT handler
Next by Date: Re: [Xen-devel] [PATCH] [RFC PATCH] xen: vmx: Use an INT 2 call to process real NMI's instead of self_nmi() in VMEXIT handler
Previous by thread: Re: [Xen-devel] iommu=dom0-passthrough behavior
Next by thread: Re: [Xen-devel] iommu=dom0-passthrough behavior
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.