From: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
To: weidong.han@intel.com
Cc: xen-devel@lists.xensource.com, linux@eikelenboom.it,
joseph.cihula@intel.com, keir.fraser@eu.citrix.com
Subject: Re: [PATCH] VT-d: improve RMRR validity checking
Date: Fri, 22 Jan 2010 11:38:28 +0900
Message-ID: <4B590FA4.4000008@jp.fujitsu.com>
In-Reply-To: <4B59098B.6000108@intel.com>

Hi Weidong,
I'm not sure why the security problem is caused by ignoring
the DRHD that has only non-existent devices.
Could you explain details or where to read the spec?
As you say, security is the top priority.
However, when iommu=force is specified, we should enable vt-d
if there are some potential issues.
Because users want to "force" anyway.
Regards,
Noboru.
> Keir Fraser wrote:
>> If we want to keep iommu=1 as default, then it is unacceptable to fail to
>> boot on a fairly wide range of modern systems. We have to
>> warn-and-disable,
>> partially or completely, unless iommu=force is specified. Or we need to
>> revert to iommu=0 as the default.
>>
>> What do you think, Weidong?
> Yes. I agree to warn-and-disable for these BIOS issues, and consider
> security more when iommu=force. Therefore I will implement a patch based
> on Noboru's patch.
>
> Regards,
> Weidong
>
>> -- Keir
>>
>> On 21/01/2010 14:17, "Sander Eikelenboom" <linux@eikelenboom.it> wrote:
>>
>>> Hello Weidong,
>>>
>>> The problem is most vendors just don't fix it and ignore the problem
>>> completely.
>>> Most often hiding themselves behind: come back when it's a problem with
>>> Microsoft Windows, that's the only single thing we support (and no other
>>> software, so no vmware, no xen, no linux, perhaps even no hypervisor).
>>> Well I don't know if the virtual pc in windows 7 supports an iommu now,
>>> but it didn't in the past as far as i know, so any complaint bounces off,
>>> and there it all seems to end for them.
>>>
>>> Besides that i don't know if they do know what the problems with their
>>> implementation in BIOS are when someone reports it.
>>> I think some behind the scenes pressure from Intel to vendors might help
>>> to solve some of them.
>>> (my Q35 chipset, "Intel V-PRO" marketed motherboard (so much for that)
>>> also suffers the RMRR problem when another graphics card is inserted
>>> which switches off the IGD).
>>>
>>> Although i think in my case your patch will work around that for me.
>>> Perhaps a third option is needed, which does all the workarounds possible
>>> and warns about potential security problems when requested?
>>>
>>> --
>>> Sander
>>>
>>> Thursday, January 21, 2010, 1:46:39 PM, you wrote:
>>>
>>>> Noboru Iwamatsu wrote:
>>>>> Hi Weidong,
>>>>>
>>>>> I re-send the DRHD-fix patch.
>>>>>
>>>>> If DRHD does not have existent devices, ignore it.
>>>>> If DRHD has both existent and non-existent devices, consider it
>>>>> invalid and do not register it.
>>>> Although your patch works around your buggy BIOS, we still need to
>>>> enable it for security purposes as I mentioned in the previous mail. We
>>>> needn't work around / fix all BIOS issues in software. I think security
>>>> is more important for this specific BIOS issue. Did you report the BIOS
>>>> issue to your OEM vendor? Maybe it's better to get it fixed in BIOS.
>>>> Regards,
>>>> Weidong
>>>>> According to this patch and yours, my machine successfully booted
>>>>> with vt-d enabled.
>>>>>
>>>>> Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
>>>>>
>>>>>
>>>>>> Keir Fraser wrote:
>>>>>>> On 21/01/2010 10:19, "Weidong Han" <weidong.han@intel.com> wrote:
>>>>>>>
>>>>>>>>> Sorry this is a typo.
>>>>>>>>> I mean:
>>>>>>>>> So, I think an RMRR that has a non-existent device is "invalid"
>>>>>>>>> and the whole RMRR should be ignored.
>>>>>>>> looks reasonable.
>>>>>>>>
>>>>>>>> Keir, I Ack Noboru's rmrr patch. Or do you want us to merge them
>>>>>>>> to one patch?
>>>>>>> Merge them up, re-send with both sign-off and acked-by all in one
>>>>>>> email.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Keir
>>>>>>>
>>>>>> Sorry, I disagree with Noboru after thinking it again. If the RMRR
>>>>>> has both non-existent devices and also existent devices in its scope,
>>>>>> we should not ignore it because the existent devices under its scope
>>>>>> will be impacted without the RMRR. So I suggest printing a warning
>>>>>> instead of ignoring it. Attached is a patch for it.
>>>>>>
>>>>>> Signed-off-by: Weidong Han <weidong.han@intel.com>
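Editor's note: the rule the two quoted patch descriptions disagree on is easier to follow as code. The following is an added example written for this archive page; it is not Noboru's or Weidong's patch and not Xen source. It sorts a DRHD or RMRR device scope into three outcomes (every listed device exists, none does, or a mix) and applies one of the two proposed treatments to the mixed case. The `struct scope_dev` and `struct dmar_scope` layouts, the `present_devs` table standing in for PCI config-space probing, the sample scopes, and the `MIXED_REJECT` / `MIXED_WARN` policy names are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One PCI device named by a DMAR device-scope entry (constructed layout,
 * not the ACPI structure itself). */
struct scope_dev {
    uint8_t bus;
    uint8_t devfn;   /* (device << 3) | function */
};

/* Device scope of one DRHD or RMRR structure (constructed). */
struct dmar_scope {
    const char *name;
    const struct scope_dev *devs;
    size_t ndevs;
};

/* The point the thread argues over: a scope listing both present and absent devices. */
enum mixed_policy {
    MIXED_REJECT,   /* Noboru's DRHD rule: treat as invalid, do not register */
    MIXED_WARN      /* Weidong's RMRR rule: warn, but keep it for the present devices */
};

enum scope_verdict {
    SCOPE_REGISTER,        /* every listed device exists */
    SCOPE_IGNORE,          /* no listed device exists: skip the structure (both agree) */
    SCOPE_INVALID,         /* mixed scope under MIXED_REJECT */
    SCOPE_WARN_REGISTER    /* mixed scope under MIXED_WARN */
};

/* Constructed stand-in for probing PCI config space: the devices that
 * exist on this imaginary platform. */
static const struct scope_dev present_devs[] = {
    { 0x00, 0x10 },   /* 00:02.0 */
    { 0x00, 0x1a },   /* 00:03.2 */
    { 0x01, 0x00 },   /* 01:00.0 */
};

static bool pci_device_present(uint8_t bus, uint8_t devfn)
{
    size_t n = sizeof(present_devs) / sizeof(present_devs[0]);
    for (size_t i = 0; i < n; i++)
        if (present_devs[i].bus == bus && present_devs[i].devfn == devfn)
            return true;
    return false;
}

/* Count the devices in the scope that really exist and map the count onto
 * the three cases discussed in the thread. */
enum scope_verdict validate_scope(const struct dmar_scope *s, enum mixed_policy pol)
{
    size_t found = 0;

    /* A scope with no explicit entries (e.g. INCLUDE_PCI_ALL) is not modelled here. */
    if (s->ndevs == 0)
        return SCOPE_REGISTER;

    for (size_t i = 0; i < s->ndevs; i++)
        if (pci_device_present(s->devs[i].bus, s->devs[i].devfn))
            found++;

    if (found == 0)
        return SCOPE_IGNORE;
    if (found == s->ndevs)
        return SCOPE_REGISTER;

    /* Mixed scope: this is where the two patches differ. */
    if (pol == MIXED_REJECT)
        return SCOPE_INVALID;
    fprintf(stderr, "DMAR: %s lists %zu non-existent device(s); registering it anyway\n",
            s->name, s->ndevs - found);
    return SCOPE_WARN_REGISTER;
}

/* Constructed sample scopes: one fully present, one fully absent, one mixed. */
static const struct scope_dev all_present[]  = { { 0x00, 0x10 }, { 0x01, 0x00 } };
static const struct scope_dev none_present[] = { { 0x00, 0x38 }, { 0x02, 0x00 } };
static const struct scope_dev mixed_devs[]   = { { 0x00, 0x10 }, { 0x00, 0x38 } };

const struct dmar_scope sample_scopes[3] = {
    { "DRHD#0", all_present,  2 },
    { "DRHD#1", none_present, 2 },
    { "RMRR#0", mixed_devs,   2 },
};

/* Verdict for sample scope i under the given mixed-scope policy. */
enum scope_verdict check_sample(size_t i, enum mixed_policy pol)
{
    return validate_scope(&sample_scopes[i], pol);
}

int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("%s: reject-mixed verdict %d, warn-mixed verdict %d\n", sample_scopes[i].name,
               (int)check_sample(i, MIXED_REJECT), (int)check_sample(i, MIXED_WARN));
    return 0;
}
```

Under `MIXED_REJECT` the mixed RMRR#0 is dropped as Noboru's DRHD rule proposes; under `MIXED_WARN` it is kept with a warning, as Weidong's RMRR patch proposes, so the present device 00:02.0 still gets its reserved region. Whether ignoring an all-absent DRHD such as DRHD#1 has a security consequence, the question Noboru puts at the top of this message, is left open in the thread and is not something this check decides.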