From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: "Kay, Allen M" <allen.m.kay@intel.com>
Cc: "'xen-devel@lists.xensource.com'" <xen-devel@lists.xensource.com>,
Jan Beulich <JBeulich@novell.com>,
"Dugger, Donald D" <donald.d.dugger@intel.com>,
"'keir.fraser@eu.citrix.com'" <keir.fraser@eu.citrix.com>
Subject: Re: [PATCH][VTD] enabling PCI ACS P2P upstream forwarding
Date: Wed, 18 Nov 2009 09:53:36 -0500 [thread overview]
Message-ID: <20091118145336.GE15585@phenom.dumpdata.com> (raw)
In-Reply-To: <57C9024A16AD2D4C97DC78E552063EA3E3876DEA@orsmsx505.amr.corp.intel.com>
On Tue, Nov 17, 2009 at 01:49:09PM -0800, Kay, Allen M wrote:
> This patch enables P2P upstream forwarding in ACS capable PCIe switches. The enabling is conditioned on iommu_enabled variable. This code solves two potential problems in virtualization environment where a PCIe device is assigned to a guest domain using a HW iommu such as VT-d:
>
> 1) Unintentional failure caused by guest physical address programmed into the device's DMA that happens to match the memory address range of other downstream ports in the same PCIe switch. This causes the PCI transaction to go to the matching downstream port instead of go to the root complex to get translated by VT-d as it should be.
>
> 2) Malicious guest software intentionally attacks another downstream PCIe device by programming the DMA address into the assigned device that matches memory address range of the downstream PCIe port.
>
> Corresponding ACS filtering code is already in upstream control panel code that do not allow PCI device passthrough to guests if it is behind a PCIe switch that does not have ACS capability or with ACS capability but is not enabled.
Based on your description it sounds like the function should be called: pci_reset_acs.
Should there be a corresponding function to disable the P2P upstream forwarding?
next prev parent reply other threads:[~2009-11-18 14:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-17 21:49 [PATCH][VTD] enabling PCI ACS P2P upstream forwarding Kay, Allen M
2009-11-18 9:08 ` Jan Beulich
2009-11-18 14:53 ` Konrad Rzeszutek Wilk [this message]
2009-11-18 17:03 ` Kay, Allen M
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091118145336.GE15585@phenom.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=JBeulich@novell.com \
--cc=allen.m.kay@intel.com \
--cc=donald.d.dugger@intel.com \
--cc=keir.fraser@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.