[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Matthias <matthias.kannenberg@xxxxxxxxxxxxxx>
Date: Fri, 15 Feb 2013 14:53:45 +0100
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Delivery-date: Fri, 15 Feb 2013 13:55:29 +0000
List-id: Xen user discussion <xen-users.lists.xen.org>

Hi,

you were right. After your hint about my firmware, I did a BIOS update
which ultimately fixed my issue and now IOMMU is activated with your
patches, too. Sorry that I haven't thought about this earlier.

So in general I think this is solved for me. My xen now behaves rather
strange (random HDD / DMA read / write errors), but i can reproduce
this with and without your patches so I think this is a whole other
story.

Thank you for your help



2013/2/15 Jan Beulich <JBeulich@xxxxxxxx>:
>>>> On 15.02.13 at 03:55, Matthias <matthias.kannenberg@xxxxxxxxxxxxxx> wrote:
>> Unfortunatly, the changes disable my IOMMU rendering pci and vga
>> passthrough unusable for me. Now, I might have missed something, but
>> what exactly is the point of this at all? My Xen is running fine with
>> AMD IOMMU for years now but if i still want to do this, I have to
>> revert changes 26532, 26531, 26519, 26518 and 25617 (basically all the
>> AMD/IOMMU changes).
>
> No, you rather need to get your firmware fixed, because this
>
>> (XEN) IVHD Error: no information for IO-APIC 0x6
>
> is simply not tolerable. But you can, at the expense of security,
> revert to using the global interrupt remapping table, as pointed
> out in this same context to others before
> ("iommu=no-amd-iommu-perdev-intremap").
>
> And yes, we are indeed re-thinking the situation, but in everything
> to consider doing you need to realize the security implications. See
> for instance
> http://lists.xen.org/archives/html/xen-devel/2013-02/msg00591.html
> and the single IOMMU consideration in
> http://lists.xen.org/archives/html/xen-devel/2013-02/msg00817.html
> (but which I don't think will actually work without looking at the PCI
> bus topology). Feel free to participate in that discussion.
>
> Jan
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

References:
- [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Matthias
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Ian Campbell
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Jan Beulich
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Matthias
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Jan Beulich
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Matthias
- Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
  - From: Jan Beulich

Prev by Date: [Xen-users] Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states
Next by Date: [Xen-users] 3.7.8 kernel xen specific patches
Previous by thread: Re: [Xen-users] Latest AMD, IOMMU Security Change causing CPU0 Panic and general Problems with AMD+IOMMU changes
Next by thread: [Xen-users] Asrock X79 Extreme9 + Intel i7-3820
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.