From mboxrd@z Thu Jan 1 00:00:00 1970 From: Noboru Iwamatsu Subject: Re: [PATCH] VT-d: improve RMRR validity checking Date: Thu, 21 Jan 2010 21:09:00 +0900 Message-ID: <4B5843DC.9020100@jp.fujitsu.com> References: <60E426D47DE8EA47AA104E65008A100D14458756F3@shzsmsx501.ccr.corp.intel.com> <4B580F8C.5090807@jp.fujitsu.com> <60E426D47DE8EA47AA104E65008A100D14458759D3@shzsmsx501.ccr.corp.intel.com> <4B582665.300@jp.fujitsu.com> <4B5828BB.1080006@intel.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------010208060103090508090602" Return-path: In-Reply-To: <4B5828BB.1080006@intel.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: weidong.han@intel.com Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org This is a multi-part message in MIME format. --------------010208060103090508090602 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hi Weidong, Here is the log. Xen version is: xen-unstable c/s 20829 + return.patch + rmrr.patch Regards, Noboru > Noboru Iwamatsu wrote: >> Hi, >> >> After registered invalid DRHDs, Xen hangs in boot time. > > Can you post the logs? > > Regards, > Weidong >> About RMRR, I understood the logic. >> In my mainboard, unfortunately, RMRR has non-existent device under >> its scope, and to make matters worse, the RMRR range is invalid. >> So, I think RMRR that has no-existent device is valid. >> >> How do you think about these? >> >>> Hi Noboru, >>> >>> You should not ignore DRHD even if devices under its scope are not >>> pci discoverable. For the sake of security, we still enable these >>> DRHDs but don't set any context mappings. In that case, any DMA that >>> comes from these "supposedly disabled" devices will get blocked by >>> VT-d, and hence avoid any security vulnerability with malicious s/w >>> re-enabling these devices. >>> >>> You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls >>> note that the RMRR checking logic is: >>> If all devices under RMRR's scope are not pci discoverable >>> Ignore the RMRR >>> Else if base_address> end_address >>> Return error >>> Else >>> Register RMRR >>> >>> Regards, >>> Weidong >>> >>> >>> -----Original Message----- >>> From: Noboru Iwamatsu [mailto:n_iwamatsu@jp.fujitsu.com] >>> Sent: Thursday, January 21, 2010 4:26 PM >>> To: Han, Weidong >>> Cc: xen-devel@lists.xensource.com; keir.fraser@eu.citrix.com >>> Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking >>> >>> Hi, >>> >>> Some Q35 mainboard that has buggy BIOS, I have one of this, reports >>> invalid DRHD in addition to the invalid RMRR. >>> >>> Attached patch fixes this DRHD issue in the same way as RMRR. >>> And also, I fixed RMRR validity checking loop. >>> >>> Noboru. >>> >>> Signed-off-by: Noboru Iwamatsu >>> >>> >>> -------- Original Message -------- >>> Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking >>> From: Han, Weidong >>> To: xen-devel@lists.xensource.com >>> Date: Thu Jan 21 2010 11:46:12 GMT+0900 >>> >>>> Currently, Xen checks RMRR range and disables VT-d if RMRR range is >>>> set incorrectly in BIOS rigorously. But, actually we can ignore the >>>> RMRR if the device under its scope are not pci discoverable, because >>>> the RMRR won't be used by non-existed or disabled devices. >>>> >>>> This patch ignores the RMRR if the device under its scope are not >>>> pci discoverable, and only checks the validity of RMRRs that are >>>> actually used. In order to avoid duplicate pci device detection >>>> code, this patch defines a function pci_device_detect for it. >>>> >>>> Signed-off-by: Weidong Han >>>> >>>> >>>> >>>> _______________________________________________ >>>> Xen-devel mailing list >>>> Xen-devel@lists.xensource.com >>>> http://lists.xensource.com/xen-devel >> >> > --------------010208060103090508090602 Content-Type: text/plain; name="xen-serial.log" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="xen-serial.log" __ __ _ _ ___ ___ ____ \ \/ /___ _ __ | || | / _ \ / _ \ _ __ ___|___ \ _ __ _ __ ___ \ // _ \ '_ \ | || |_| | | | | | |__| '__/ __| __) |__| '_ \| '__/ _ \ / \ __/ | | | |__ _| |_| | |_| |__| | | (__ / __/|__| |_) | | | __/ /_/\_\___|_| |_| |_|(_)___(_)___/ |_| \___|_____| | .__/|_| \___| |_| (XEN) Xen version 4.0.0-rc2-pre (noboru@) (gcc version 4.4.2 20091222 (Red Hat 4.4.2-20) (GCC) ) Thu Jan 21 18:22:09 JST 2010 (XEN) Latest ChangeSet: Thu Jan 21 14:08:42 2010 +0900 20859:bbad08b156e9 (XEN) Command line: com1=115200,8n1 vga=text-80x25 console=com1,vga iommu=1 noreboot loglvl=all guest_loglvl=all (XEN) Video information: (XEN) VGA is text mode 80x25, font 8x0 (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds (XEN) Disc information: (XEN) Found 1 MBR signatures (XEN) Found 1 EDD information structures (XEN) Xen-e820 RAM map: (XEN) 0000000000000000 - 000000000009e400 (usable) (XEN) 000000000009e400 - 00000000000a0000 (reserved) (XEN) 00000000000f0000 - 0000000000100000 (reserved) (XEN) 0000000000100000 - 00000000bfe90000 (usable) (XEN) 00000000bfe90000 - 00000000bfee3000 (ACPI NVS) (XEN) 00000000bfee3000 - 00000000bfef0000 (ACPI data) (XEN) 00000000bfef0000 - 00000000bff00000 (reserved) (XEN) 00000000e0000000 - 00000000f0000000 (reserved) (XEN) 00000000fec00000 - 0000000100000000 (reserved) (XEN) 0000000100000000 - 000000013c000000 (usable) (XEN) ACPI: RSDP 000F8B70, 0024 (r2 FUJ ) (XEN) ACPI: XSDT BFEE3080, 006C (r1 FUJ PC 30383232 AWRD 0) (XEN) ACPI: FACP BFEE8040, 00F4 (r3 FUJ PC 30383232 AWRD 0) (XEN) ACPI: DSDT BFEE3200, 4E24 (r1 FUJ AWRDACPI 80202 MSFT 3000000) (XEN) ACPI: FACS BFE90000, 0040 (XEN) ACPI: SLIC BFEE8240, 0176 (r1 FUJ PC 30383232 AWRD 1010101) (XEN) ACPI: ASF! BFEE8440, 008A (r16 FUJ PC 30383232 AWRD 0) (XEN) ACPI: HPET BFEE83C0, 0038 (r1 FUJ PC 30383232 AWRD 98) (XEN) ACPI: MCFG BFEE8400, 003C (r1 FUJ PC 30383232 AWRD 0) (XEN) ACPI: APIC BFEE8140, 0084 (r1 FUJ PC 30383232 AWRD 0) (XEN) ACPI: SSDT BFEE8E20, 07EF (r1 PmRef CpuPm 3000 INTL 20061109) (XEN) ACPI: BOOT BFEE9640, 0028 (r1 FUJ PC 30383232 AWRD 0) (XEN) ACPI: DMAR BFEE9680, 0110 (r1 IntelR AWRDACPI 322E3030 DRWA 2) (XEN) System RAM: 3910MB (4004452kB) (XEN) No NUMA configuration found (XEN) Faking a node at 0000000000000000-000000013c000000 (XEN) Domain heap initialised (XEN) found SMP MP-table at 000f44a0 (XEN) DMI 2.5 present. (XEN) Using APIC driver default (XEN) ACPI: PM-Timer IO Port: 0x408 (XEN) ACPI: ACPI SLEEP INFO: pm1x_cnt[404,0], pm1x_evt[400,0] (XEN) ACPI: wakeup_vec[bfe9000c], vec_size[20] (XEN) ACPI: Local APIC address 0xfee00000 (XEN) ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled) (XEN) Processor #0 7:7 APIC version 20 (XEN) ACPI: LAPIC (acpi_id[0x01] lapic_id[0x03] enabled) (XEN) Processor #3 7:7 APIC version 20 (XEN) ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled) (XEN) Processor #1 7:7 APIC version 20 (XEN) ACPI: LAPIC (acpi_id[0x03] lapic_id[0x02] enabled) (XEN) Processor #2 7:7 APIC version 20 (XEN) ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1]) (XEN) ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1]) (XEN) ACPI: LAPIC_NMI (acpi_id[0x02] high edge lint[0x1]) (XEN) ACPI: LAPIC_NMI (acpi_id[0x03] high edge lint[0x1]) (XEN) ACPI: IOAPIC (id[0x04] address[0xfec00000] gsi_base[0]) (XEN) IOAPIC[0]: apic_id 4, version 32, address 0xfec00000, GSI 0-23 (XEN) ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) (XEN) ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) (XEN) ACPI: IRQ0 used by override. (XEN) ACPI: IRQ2 used by override. (XEN) ACPI: IRQ9 used by override. (XEN) Enabling APIC mode: Flat. Using 1 I/O APICs (XEN) ACPI: HPET id: 0x8086a201 base: 0xfed00000 (XEN) [VT-D]dmar.c:580: Host address width 36 (XEN) [VT-D]dmar.c:589: found ACPI_DMAR_DRHD: (XEN) [VT-D]dmar.c:374: dmaru->address = fed90000 (XEN) [VT-D]dmar.c:326: endpoint: 0:1b.0 (XEN) [VT-D]dmar.c:589: found ACPI_DMAR_DRHD: (XEN) [VT-D]dmar.c:374: dmaru->address = fed91000 (XEN) [VT-D]dmar.c:326: endpoint: 0:2.1 (XEN) [VT-D]dmar.c:589: found ACPI_DMAR_DRHD: (XEN) [VT-D]dmar.c:374: dmaru->address = fed92000 (XEN) [VT-D]dmar.c:326: endpoint: 0:3.0 (XEN) [VT-D]dmar.c:326: endpoint: 0:3.2 (XEN) [VT-D]dmar.c:326: endpoint: 0:3.3 (XEN) [VT-D]dmar.c:589: found ACPI_DMAR_DRHD: (XEN) [VT-D]dmar.c:374: dmaru->address = fed93000 (XEN) [VT-D]dmar.c:386: flags: INCLUDE_ALL (XEN) [VT-D]dmar.c:593: found ACPI_DMAR_RMRR: (XEN) [VT-D]dmar.c:326: endpoint: 0:1d.0 (XEN) [VT-D]dmar.c:326: endpoint: 0:1d.1 (XEN) [VT-D]dmar.c:326: endpoint: 0:1d.2 (XEN) [VT-D]dmar.c:326: endpoint: 0:1d.7 (XEN) [VT-D]dmar.c:326: endpoint: 0:1a.0 (XEN) [VT-D]dmar.c:326: endpoint: 0:1a.1 (XEN) [VT-D]dmar.c:326: endpoint: 0:1a.2 (XEN) [VT-D]dmar.c:326: endpoint: 0:1a.7 (XEN) [VT-D]dmar.c:484: RMRR region: base_addr bfef0000 end_address bfefffff (XEN) [VT-D]dmar.c:593: found ACPI_DMAR_RMRR: (XEN) [VT-D]dmar.c:425: RMRR address range not in reserved memory base = c0000000 end = bfffffff; iommu_inclusive_mapping=1 parameter may be needed. (XEN) [VT-D]dmar.c:326: endpoint: 0:2.1 (XEN) [VT-D]dmar.c:469: Ignore the RMRR (c0000000, bfffffff) due to devices under its scope are not PCI discoverable! (XEN) PCI: MCFG configuration 0: base e0000000 segment 0 buses 0 - 255 (XEN) PCI: MCFG area at e0000000 reserved in E820 (XEN) Using ACPI (MADT) for SMP configuration information (XEN) Using scheduler: SMP Credit Scheduler (credit) (XEN) Initializing CPU#0 (XEN) Detected 2660.356 MHz processor. (XEN) Initing memory sharing. (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K (XEN) CPU: L2 cache: 6144K (XEN) CPU: Physical Processor ID: 0 (XEN) CPU: Processor Core ID: 0 (XEN) VMX: Supported advanced features: (XEN) - APIC MMIO access virtualisation (XEN) - APIC TPR shadow (XEN) - Virtual NMI (XEN) - MSR direct-access bitmap (XEN) HVM: ASIDs disabled. (XEN) HVM: VMX enabled (XEN) Intel machine check reporting enabled on CPU#0. (XEN) CPU0: Thermal monitoring enabled (TM2) (XEN) CMCI: CPU0 has no CMCI support (XEN) [VT-D]iommu.c:1062: drhd->address = fed92000 (XEN) [VT-D]iommu.c:1063: iommu->reg = ffff82c3fff57000 (XEN) [VT-D]iommu.c:1062: drhd->address = fed91000 (XEN) [VT-D]iommu.c:1063: iommu->reg = ffff82c3fff56000 (XEN) [VT-D]iommu.c:1062: drhd->address = fed90000 (XEN) [VT-D]iommu.c:1063: iommu->reg = ffff82c3fff55000 (XEN) [VT-D]iommu.c:1062: drhd->address = fed93000 (XEN) [VT-D]iommu.c:1063: iommu->reg = ffff82c3fff54000 (XEN) Intel VT-d Snoop Control not supported. (XEN) Intel VT-d DMA Passthrough not supported. (XEN) Intel VT-d Queued Invalidation not supported. (XEN) Intel VT-d Interrupt Remapping not supported. (XEN) I/O virtualisation enabled (XEN) I/O virtualisation for PV guests disabled (XEN) CPU0: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz stepping 07 (XEN) Booting processor 1/3 eip 8c000 (XEN) Initializing CPU#1 (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K (XEN) CPU: L2 cache: 6144K (XEN) CPU: Physical Processor ID: 0 (XEN) CPU: Processor Core ID: 3 (XEN) HVM: ASIDs disabled. (XEN) Intel machine check reporting enabled on CPU#1. (XEN) CPU1: Thermal monitoring enabled (TM2) (XEN) CMCI: CPU1 has no CMCI support (XEN) CPU1: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz stepping 07 (XEN) Booting processor 2/1 eip 8c000 (XEN) Initializing CPU#2 (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K (XEN) CPU: L2 cache: 6144K (XEN) CPU: Physical Processor ID: 0 (XEN) CPU: Processor Core ID: 1 (XEN) HVM: ASIDs disabled. (XEN) Intel machine check reporting enabled on CPU#2. (XEN) CPU2: Thermal monitoring enabled (TM2) (XEN) CMCI: CPU2 has no CMCI support (XEN) CPU2: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz stepping 07 (XEN) Booting processor 3/2 eip 8c000 (XEN) Initializing CPU#3 (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K (XEN) CPU: L2 cache: 6144K (XEN) CPU: Physical Processor ID: 0 (XEN) CPU: Processor Core ID: 2 (XEN) HVM: ASIDs disabled. (XEN) Intel machine check reporting enabled on CPU#3. (XEN) CPU3: Thermal monitoring enabled (TM2) (XEN) CMCI: CPU3 has no CMCI support (XEN) CPU3: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz stepping 07 (XEN) Total of 4 processors activated. (XEN) ENABLING IO-APIC IRQs (XEN) -> Using new ACK method (XEN) ..TIMER: vector=0xF0 apic1=0 pin1=2 apic2=-1 pin2=-1 (XEN) checking TSC synchronization across 4 CPUs: passed. (XEN) Platform timer is 14.318MHz HPET (XEN) microcode.c:73:d32767 microcode: CPU1 resumed (XEN) microcode.c:73:d32767 microcode: CPU3 resumed (XEN) Brought up 4 CPUs (XEN) microcode.c:73:d32767 microcode: CPU2 resumed (XEN) HPET: 4 timers in total, 0 timers will be used for broadcast (XEN) ACPI sleep modes: S3 (XEN) mcheck_poll: Machine check polling timer started. (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:0.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:0.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:3.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:3.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:3.2 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:3.2: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:3.3 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:3.3: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:19.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:19.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1a.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1a.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1a.1 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1a.1: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1a.2 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1a.2: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1a.7 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1a.7: no extended config (XEN) [VT-D]iommu.c:1299:d32767 domain_context_mapping:PCIe: bdf = 0:1b.0 (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1d.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1d.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1d.1 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1d.1: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1d.2 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1d.2: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1d.7 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1d.7: no extended config (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1e.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1f.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1f.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1f.2 (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 0:1f.3 (XEN) [VT-D]mmconfig-shared.c:460: next cap:0:1f.3: no extended config (XEN) [VT-D]iommu.c:1299:d32767 domain_context_mapping:PCIe: bdf = 1:0.0 (XEN) [VT-D]iommu.c:1299:d32767 domain_context_mapping:PCIe: bdf = 1:0.1 (XEN) [VT-D]mmconfig-shared.c:460: next cap:1:0.1: no extended config (XEN) [VT-D]iommu.c:1299:d32767 domain_context_mapping:PCIe: bdf = 3:0.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:3:0.0: no extended config (XEN) [VT-D]iommu.c:1306:d32767 domain_context_mapping:PCI: bdf = 4:5.0 (XEN) [VT-D]mmconfig-shared.c:460: next cap:4:5.0: no extended config (XEN) [VT-D]iommu.c:684: iommu_enable_translation: iommu->reg = ffff82c3fff57000 (XEN) [VT-D]iommu.c:684: iommu_enable_translation: iommu->reg = ffff82c3fff56000 (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) iommu.c:691:iommu_enable_translation: DMAR hardware is malfunctional (XEN) **************************************** (XEN) (XEN) Manual reset required ('noreboot' specified) --------------010208060103090508090602 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------010208060103090508090602--