From: David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
To: Alex Williamson <alex.williamson-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: "iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org" <iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
    "Khan, Shuah" <shuah.khan-VXdhtT5mjnY@public.gmane.org>,
    "Mingarelli, Thomas" <Thomas.Mingarelli-VXdhtT5mjnY@public.gmane.org>
Subject: Re: [PATCH v2] Intel IOMMU patch to reprocess RMRR info
Date: Thu, 27 Sep 2012 22:50:05 +0100
Message-ID: <1348782605.2036.117.camel@shinybook.infradead.org>
In-Reply-To: <1348781647.2320.264.camel-85EaTFmN5p//9pzu0YdTqQ@public.gmane.org>

On Thu, 2012-09-27 at 15:34 -0600, Alex Williamson wrote:
> It really seems like RMRRs are incompatible with IOMMU API use though.
> If an RMRR is set up for a VM domain, that's bad because a) it gives the
> VM direct access to that range of host memory, and b) it interferes with
> the guest use of the address space. a) is also bad for isolating
> devices on the host, but the spec makes it available for abuse. For b),
> it's not hard to imagine an RMRR range on the host that overlaps with
> DMA'able space on the guest. Data is read or written to the host memory
> instead of the guest memory. So maybe the right answer is to make
> intel_iommu_attach_device return error if requested to act on a device
> with RMRR ranges.

That would include fairly much any USB host controller. The whole RMRR
concept is completely broken and should never have been invented. The
idea that firmware-controlled DMA should continue to happen *after* the
operating system has been booted and taken control of the hardware is
just insane.

The majority of RMRR use is for USB controllers, so that firmware can
emulate a legacy keyboard for the benefit of pre-USB operating systems.
But no operating system that old is ever going to support the IOMMU
anyway, so that's just mad. But that's why we've managed to get away
with setting up the RMRRs and then tearing them down when a native
driver has actually taken control of the hardware — because at that
point, it should have been reset and whatever the firmware had
configured to do has been abandoned.

Perhaps we should have a special case for USB controllers, which are
quite happy when you drop their RMRR regions when the OS takes over, and
for any *other* device with RMRRs, have a TAINT_YOUR_FIRMWARE_IS_INSANE
and just refuse to let a native driver do anything at all with them?
--
dwmw2
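
The policy discussed in this exchange (refuse to attach devices that have RMRRs, with a carve-out for USB host controllers) and the address-space collision from point b), modelled as a stand-alone C example. This is an added illustration, not code from the patch or the kernel; every type and function name is hypothetical and the RMRR range is constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model types; none of these names exist in the kernel. */
struct rmrr_range { uint64_t base, end; };   /* end is inclusive */
struct model_dev {
    uint8_t base_class, sub_class;           /* PCI class code bytes */
    const struct rmrr_range *rmrr;           /* firmware-reserved ranges */
    size_t nr_rmrr;
};
enum attach_verdict {
    ATTACH_OK,            /* no RMRR on this device */
    ATTACH_OK_DROP_RMRR,  /* USB host controller: RMRR dropped at takeover */
    ATTACH_REFUSE,        /* any other device with an RMRR */
};

/* The special case proposed in the mail: PCI class 0x0c, subclass 0x03 (USB). */
enum attach_verdict rmrr_attach_policy(const struct model_dev *d)
{
    if (d->nr_rmrr == 0)
        return ATTACH_OK;
    if (d->base_class == 0x0c && d->sub_class == 0x03)
        return ATTACH_OK_DROP_RMRR;
    return ATTACH_REFUSE;
}

/* Point b): does a guest DMA window of len bytes at iova hit an RMRR? */
bool rmrr_overlaps_iova(const struct model_dev *d, uint64_t iova, uint64_t len)
{
    if (len == 0)
        return false;
    uint64_t last = iova + (len - 1);
    if (last < iova)                         /* wrapped past 2^64 - 1 */
        last = UINT64_MAX;
    for (size_t i = 0; i < d->nr_rmrr; i++)
        if (iova <= d->rmrr[i].end && d->rmrr[i].base <= last)
            return true;
    return false;
}

/* Constructed sample data, not taken from a real machine. */
static const struct rmrr_range sample_rmrr[] = { { 0xbf800000ULL, 0xbfffffffULL } };
const struct model_dev sample_usb = { 0x0c, 0x03, sample_rmrr, 1 };
const struct model_dev sample_gfx = { 0x03, 0x00, sample_rmrr, 1 };
const struct model_dev sample_nic = { 0x02, 0x00, NULL, 0 };
int main(void)
{
    return rmrr_attach_policy(&sample_gfx) == ATTACH_REFUSE ? 0 : 1;
}
```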