From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH] VTd/dmar: Tweak how the DMAR table is clobbered Date: Thu, 9 Apr 2015 10:48:36 +0100 Message-ID: <55264AF4.9090207@citrix.com> References: <1428522270-17363-1-git-send-email-andrew.cooper3@citrix.com> <55263D7C.6030308@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <55263D7C.6030308@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: David Vrabel , Xen-devel Cc: Yang Zhang , Kevin Tian List-Id: xen-devel@lists.xenproject.org On 09/04/15 09:51, David Vrabel wrote: > On 08/04/15 20:44, Andrew Cooper wrote: >> Intead of clobbering DMAR -> XMAR and back, clobber to RMAD instead. This >> means that changing the signature does not alter the checksum, which allows >> the clobbering/unclobbering to be peformed atomically and idempotently, which >> is an advantage on the kexec path which can reenter acpi_dmar_reinstate(). > Could RMAD be specified as a real table in the future? Does the > clobbered name have to start with X to avoid future conflicts? > > David I am not aware of any restrictions imposed by the APCI spec. Any clobbered signature is potentially a real table in the future. This DMAR clobbering was introduced by 83904107a33c9badc34ecdd1f8ca0f9271e5e370 which claims that the dom0 VT-d driver was capable of playing with the IOMMU(s) while Xen was also using them. An alternative approach might be to leave the DMAR table alone and sprinkle some iomem_deny_access() around to forcibly prevent dom0 from playing. ~Andrew