[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Determining iommu groups in Xen?

On 28/08/14 17:48, Peter Kay wrote:
> On 28 August 2014 14:54:01 BST, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> 
> wrote:
>> On 28/08/14 14:26, Peter Kay wrote:
>>> This should be a simple question, but I can't find the answer : how
>> are iommu groups determined/found in Xen?
> ...snip...
> >From memory, ACS is present to fix an interaction issue between PCI
>> Passthrough and peer-to-peer dma translations in the PCIe spec.  ACS
>> instructions a bridge/switch to forward the transaction to the upstream
>> port for translation by the IOMMU instead of resolving it privately as
>> a peer-to-peer transaction.
> Yes, precisely.
>> Unfortunately, a lot of 1st era PCIe switches after ACS was specified
>> have errata, caused by an ambiguity in the spec, which means that
>> despite claiming ACS support, they don't function correctly.  
> Yes. KVM has a list of quirks from Intel specifying which chipsets actually 
> work.
>> Certainly within XenServer, we state that customers using
>> PCIPassthrough must trust the guest administrators, which
>> 'fixes' the security aspect of things from the point of view
>> of malicious guests.
>> ~Andrew
> Fair enough; possibly not ideal but it's an administrator function with 
> calculated risk. A warning might be nice, though.

I am not aware of a single server platform which doesn't have a single
erraturm which breaks the end-to-end security or functionality of PCI
Passthrough.  I would love to be proved wrong in this regard.

> The more important question is : how do I determine the iommu groups? Do I 
> need to write some code? It isn't possible to discover from the motherboard 
> manual (it lies) and furthermore, as expansion cards are added and removed 
> the iommu groups change slightly as do the PCI IDs (which is also annoying as 
> it's then necessary to edit all the domU config files plus the pciback hide 
> parameters. KVM is just as broken here).

I am confused as to what exactly you mean by iommu groups in this
context.  My initial guess of the iommu context identifiers for HAP/EPT
tables was clearly wrong.

> I currently have an issue with the system spontaneously rebooting under both 
> 4.4 and -unstable as soon as I pass through the entire USB controller (or the 
> half on one set or other of PCI IDs). I don't know if it's a bug or something 
> daft is happening with iommu groups or similar.

Almost certainly to do with the (lack of correct) RMRR support.  There
is a patch series on-list attempting to remedy this problem.


> On the bright side, USB host device passthrough with a virtual USB controller 
> appears to work well under Windows, Linux and FreeBSD. KVM doesn't fare so 
> well under *BSD.
> PK

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.