From: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
To: weidong.han@intel.com
Cc: linux@eikelenboom.it, joseph.cihula@intel.com,
xen-devel@lists.xensource.com, allen.m.kay@intel.com,
keir.fraser@eu.citrix.com
Subject: Re: [PATCH] VT-d: improve RMRR validity checking
Date: Tue, 26 Jan 2010 15:38:40 +0900 [thread overview]
Message-ID: <4B5E8DF0.507@jp.fujitsu.com> (raw)
In-Reply-To: <4B5E82D1.8060206@intel.com>
Hi Weidong,
> I implemented a patch for it. Noboru, pls have a try on your machine.
> If you use default iommu=1, VT-d will be disabled with warning messages.
> If you use iommu=workaround_bios_bug, it should enable VT-d and works
> for you.
> If you use iommu=force, it panics.
On my machine, each options have worked as described.
I tried:
xen-unstable c/s 20844 + drhd-ignore.patch + workaround-bios.patch
Thanks,
Noboru.
> patch title: VT-d: add "iommu=workaround_bios_bug" option
> patch description:
> Add this option to workaround BIOS bugs. Currently it ignores DRHD if
> "all" devices under its scope are not pci discoverable. This workarounds
> a BIOS bug in some platforms to make VT-d work. But note that this
> option doesn't guarantee security, because it might ignore DRHD.
> So there are 3 options which handle BIOS bugs differently:
> iommu=1 (default): If detect non-existent device under a DRHD's scope,
> or find incorrect RMRR setting (base_address > end_address), disable
> VT-d completely in Xen with warning messages. This guarantees security
> when VT-d enabled, or just disable VT-d to let Xen work without VT-d.
> iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be
> enabled, it will crashes Xen. This is mainly for users who must need VT-d.
> iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make VT-d
> still work. This might be insecure because there might be a device not
> protected by any DRHD if the device is re-enabled by malicious s/w. This
> is for users who want to use VT-d regardless of security.
>
> Signed-off-by: Weidong Han <weidong.han@intel.com>
>
> Regards,
> Weidong
>
> Noboru Iwamatsu wrote:
>> Weidong, Keir,
>>
>> I agree your suggestions.
>>
>> Noboru.
>>
>>> Keir Fraser wrote:
>>>> On 25/01/2010 10:45, "Sander Eikelenboom" <linux@eikelenboom.it> wrote:
>>>>
>>>>> a) Could be discussed if panic should be default instead of disabling
>>>>> iommu or
>>>>> not, although there seem to be a lot of broken bioses, so that would
>>>>> lead to a
>>>>> lot of machines not booting.
>>>> Absolutely not acceptable. Warn and completely disable IOMMU is the
>>>> correct
>>>> default causing least pain to the most end users.
>>>>
>>>> -- Keir
>>>>
>>> Agree. It should not crash Xen by default due to BIOS issues.
>>> warn-and-disable is better. It won't impact common Xen users, and if a
>>> user really wants to use VT-d, he can try iommu=workaround_bogus_bios,
>>> or directly report to OEM vendor to get it fixed in BIOS. As VT-d is
>>> used more and more widely, I think the BIOS issues will be found and
>>> fixed more quickly than before, thus the situation should be better.
>>>
>>> Regards,
>>> Weidong
>>>
>>>
>>>
>>
>>
>
next prev parent reply other threads:[~2010-01-26 6:38 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-21 2:46 [PATCH] VT-d: improve RMRR validity checking Han, Weidong
2010-01-21 8:25 ` Noboru Iwamatsu
2010-01-21 8:38 ` Han, Weidong
2010-01-21 10:03 ` Noboru Iwamatsu
2010-01-21 10:08 ` Noboru Iwamatsu
2010-01-21 10:19 ` Weidong Han
2010-01-21 10:27 ` Keir Fraser
2010-01-21 10:49 ` Weidong Han
2010-01-21 12:19 ` Noboru Iwamatsu
2010-01-21 12:46 ` Weidong Han
2010-01-21 14:01 ` Keir Fraser
2010-01-21 14:17 ` Sander Eikelenboom
2010-01-21 14:33 ` Keir Fraser
2010-01-22 2:12 ` Weidong Han
2010-01-22 2:38 ` Noboru Iwamatsu
2010-01-22 2:53 ` Weidong Han
2010-01-22 3:16 ` Noboru Iwamatsu
2010-01-22 8:47 ` Weidong Han
2010-01-22 9:19 ` Sander Eikelenboom
2010-01-22 12:15 ` Weidong Han
2010-01-22 12:32 ` Pasi Kärkkäinen
2010-01-23 12:40 ` Weidong Han
2010-01-23 13:08 ` Pasi Kärkkäinen
2010-01-23 14:33 ` Sander Eikelenboom
2010-01-23 14:54 ` [PATCH] VT-d: improve RMRR validity checking, documenting boot options Pasi Kärkkäinen
2010-01-25 16:40 ` Stephen Spector
2010-01-25 16:58 ` Documentation Xen-hypervisor and Dom0 xen-related boot options (was Re: [PATCH] VT-d: improve RMRR validity checking, documenting boot options) Sander Eikelenboom
2010-01-25 20:56 ` Stephen Spector
2010-01-27 11:33 ` Pasi Kärkkäinen
2010-01-25 7:06 ` [PATCH] VT-d: improve RMRR validity checking Noboru Iwamatsu
2010-01-25 7:56 ` Weidong Han
2010-01-25 9:02 ` Sander Eikelenboom
2010-01-25 9:11 ` Weidong Han
2010-01-25 9:22 ` Noboru Iwamatsu
2010-01-25 10:08 ` Weidong Han
2010-01-25 10:45 ` Sander Eikelenboom
2010-01-25 13:43 ` Keir Fraser
2010-01-25 13:57 ` Christian Tramnitz
2010-01-25 14:10 ` Weidong Han
2010-01-26 1:16 ` Noboru Iwamatsu
2010-01-26 5:51 ` Weidong Han
2010-01-26 6:38 ` Noboru Iwamatsu [this message]
2010-01-26 6:42 ` Weidong Han
2010-01-25 14:12 ` Weidong Han
2010-01-25 14:13 ` Han, Weidong
2010-03-09 21:39 ` Alex Williamson
2010-03-09 21:30 ` Konrad Rzeszutek Wilk
2010-03-09 21:57 ` Alex Williamson
2010-03-09 22:22 ` Konrad Rzeszutek Wilk
2010-03-09 23:05 ` Alex Williamson
2010-03-09 23:25 ` Alex Williamson
2010-03-10 2:13 ` Alex Williamson
2010-03-10 2:40 ` Weidong Han
2010-03-10 3:18 ` Alex Williamson
2010-03-10 3:28 ` Weidong Han
2010-03-10 3:37 ` Alex Williamson
2010-03-10 4:25 ` Weidong Han
2010-03-10 4:47 ` Alex Williamson
2010-03-10 7:03 ` Weidong Han
2010-03-10 13:56 ` Alex Williamson
2010-03-10 18:06 ` Alex Williamson
2010-03-11 2:11 ` Weidong Han
2010-03-11 2:32 ` Alex Williamson
2010-03-11 3:44 ` Weidong Han
2010-03-11 4:52 ` Alex Williamson
2010-03-11 8:30 ` Weidong Han
2010-01-21 15:28 ` Andrew Lyon
2010-01-21 15:04 ` Keir Fraser
2010-01-22 1:35 ` Noboru Iwamatsu
2010-01-21 10:13 ` Weidong Han
2010-01-21 12:09 ` Noboru Iwamatsu
2010-01-21 12:38 ` Weidong Han
2010-01-22 0:23 ` Noboru Iwamatsu
2010-01-21 8:45 ` Andrew Lyon
2010-01-21 10:03 ` Weidong Han
2010-01-21 9:15 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B5E8DF0.507@jp.fujitsu.com \
--to=n_iwamatsu@jp.fujitsu.com \
--cc=allen.m.kay@intel.com \
--cc=joseph.cihula@intel.com \
--cc=keir.fraser@eu.citrix.com \
--cc=linux@eikelenboom.it \
--cc=weidong.han@intel.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.