I implemented a patch for it. Noboru, pls have a try on your machine.
If you use default iommu=1, VT-d will be disabled with warning messages.
If you use iommu=workaround_bios_bug, it should enable VT-d and works 
for you.
If you use iommu=force, it panics.

patch title: VT-d: add "iommu=workaround_bios_bug" option
patch description:
    Add this option to workaround BIOS bugs. Currently it ignores DRHD 
if "all" devices under its scope are not pci discoverable. This 
workarounds a BIOS bug in some platforms to make VT-d work. But note 
that this option doesn't guarantee security, because it might ignore DRHD.
    So there are 3 options which handle BIOS bugs differently:
    iommu=1 (default): If detect non-existent device under a DRHD's 
scope, or find incorrect RMRR setting (base_address > end_address), 
disable VT-d completely in Xen with warning messages. This guarantees 
security when VT-d enabled, or just disable VT-d to let Xen work without 
VT-d.
    iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be 
enabled, it will crashes Xen. This is mainly for users who must need VT-d.
    iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make 
VT-d still work.  This might be insecure because there might be a device 
not protected by any DRHD if the device is re-enabled by malicious s/w. 
This is for users who want to use VT-d regardless of security.

Signed-off-by: Weidong Han <weidong.han@intel.com>

Regards,
Weidong

Noboru Iwamatsu wrote:
> Weidong, Keir,
>
> I agree your suggestions.
>
> Noboru.
>
>   
>> Keir Fraser wrote:
>>     
>>> On 25/01/2010 10:45, "Sander Eikelenboom" <linux@eikelenboom.it> wrote:
>>>
>>>       
>>>> a) Could be discussed if panic should be default instead of disabling
>>>> iommu or
>>>> not, although there seem to be a lot of broken bioses, so that would
>>>> lead to a
>>>> lot of machines not booting.
>>>>         
>>> Absolutely not acceptable. Warn and completely disable IOMMU is the
>>> correct
>>> default causing least pain to the most end users.
>>>
>>> -- Keir
>>>
>>>       
>> Agree. It should not crash Xen by default due to BIOS issues.
>> warn-and-disable is better. It won't impact common Xen users, and if a
>> user really wants to use VT-d, he can try iommu=workaround_bogus_bios,
>> or directly report to OEM vendor to get it fixed in BIOS. As VT-d is
>> used more and more widely, I think the BIOS issues will be found and
>> fixed more quickly than before, thus the situation should be better.
>>
>> Regards,
>> Weidong
>>
>>
>>
>>     
>
>
>