Re: [PATCH 00/19] Fix Intel IOMMU breakage in kdump kernel

Linux IOMMU Development
 help / color / mirror / Atom feed

From: David Woodhouse <dwmw2-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
To: Joerg Roedel <jroedel-l3A5Bk7waGM@public.gmane.org>
Cc: iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	zhen-hual-VXdhtT5mjnY@public.gmane.org,
	dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	jroedel-zLv9SwRftAIdnm+yROfE0A@public.gmane.org
Subject: Re: [PATCH 00/19] Fix Intel IOMMU breakage in kdump kernel
Date: Tue, 23 Jun 2015 15:38:54 +0100	[thread overview]
Message-ID: <1435070334.12045.24.camel@infradead.org> (raw)
In-Reply-To: <20150623140631.GB2724-l3A5Bk7waGM@public.gmane.org>


[-- Attachment #1.1: Type: text/plain, Size: 2287 bytes --]

On Tue, 2015-06-23 at 16:06 +0200, Joerg Roedel wrote:
> On Tue, Jun 23, 2015 at 02:31:30PM +0100, David Woodhouse wrote:
> > However, it's still fairly gratuitous for all non-broken hardware, and
> > will tend to hide hardware and driver bugs during testing of new
> > hardware.
> > 
> > I'd much rather see this limited to a blacklist of known-broken
> > devices, an accompanied by a kernel message along the lines of
> > 
> >  'Preserving VT-d page tables for broken HP device xxxx:xxxx'
> > 
> > For *any* device which isn't so broken that it craps itself on taking
> > a DMA fault and cannot be reset, this page table copy shouldn't be
> > needed, right?
> 
> In theory yes, but as it came to my mind recently, there is this BIOS
> "value-add" called APEI (ACPI Platform Error Interface) which has a
> 'Firmware first' mode.
> 
> So when this is active the firmware handles any errors happening in the
> system and reports them to the OS with a severity it can decide on its
> own.
> 
> Such errors could be DMA target aborts, for example. And I have seen
> systems where at least rejected interrupt requests were reported to the
> OS as fatal errors, causing a kernel panic in Linux. But the firmware is
> also free to report ordinary DMA failures as fatal errors, who knows...

Yay for BIOS value subtract.

The thing is, this would be utterly broken. The IOMMU is supposed to
protect us from rogue devices. In this hypothetical scenario, a device
can bring the entire system down and we have no chance to isolate it
and recover. It means that assigning devices to guests should be
*disallowed* because it can't be done securely.

On this kind of system, we might as well turn off the IOMMU entirely as
in a lot of respects, it's only making things *worse*.

> So while you are right that these changes might hide hardware and driver
> bugs, I think it is still the best to try avoiding such faults at all
> costs in the kdump kernel to actually get a dump, even if the device
> would actually be able to recover from the master abort.

How about an *option* to do it for all devices (which in turn can
perhaps be triggered by a system-level blacklist for things like APEI,
or perhaps just a system DMI match on "HP").

-- 
dwmw2

[-- Attachment #1.2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5691 bytes --]

[-- Attachment #2: Type: text/plain, Size: 0 bytes --]

next prev parent reply	other threads:[~2015-06-23 14:38 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-13  6:47 [PATCH 00/19] Fix Intel IOMMU breakage in kdump kernel Joerg Roedel
2015-06-13  6:47 ` [PATCH 11/19] iommu/vt-d: Don't disable translation prior to OS handover Joerg Roedel
     [not found] ` <1434178047-17809-1-git-send-email-joro-zLv9SwRftAIdnm+yROfE0A@public.gmane.org>
2015-06-13  6:47   ` [PATCH 01/19] iommu/vt-d: Cleanup log messages Joerg Roedel
2015-06-13  6:47   ` [PATCH 02/19] iommu/vt-d: Init QI before root entry is allocated Joerg Roedel
2015-06-13  6:47   ` [PATCH 03/19] iommu/vt-d: Make root entry visible for hardware right after allocation Joerg Roedel
2015-06-13  6:47   ` [PATCH 04/19] iommu/vt-d: Detect pre enabled translation Joerg Roedel
2015-06-13  6:47   ` [PATCH 05/19] iommu/vt-d: Copy translation tables from old kernel Joerg Roedel
2015-06-13  6:47   ` [PATCH 06/19] iommu/vt-d: Do not re-use domain-ids from the " Joerg Roedel
2015-06-13  6:47   ` [PATCH 07/19] iommu/vt-d: Mark copied context entries Joerg Roedel
2015-06-13  6:47   ` [PATCH 08/19] iommu/vt-d: Allocate si_domain in init_dmars() Joerg Roedel
2015-06-13  6:47   ` [PATCH 09/19] iommu/vt-d: Don't do early domain assignment if kdump kernel Joerg Roedel
2015-06-13  6:47   ` [PATCH 10/19] iommu/vt-d: Don't copy translation tables if RTT bit needs to be changed Joerg Roedel
2015-06-13  6:47   ` [PATCH 12/19] iommu/vt-d: Enable Translation only if it was previously disabled Joerg Roedel
2015-06-13  6:47   ` [PATCH 13/19] iommu/vt-d: Move EIM detection to intel_prepare_irq_remapping Joerg Roedel
2015-06-13  6:47   ` [PATCH 14/19] iommu/vt-d: Move QI initializationt to intel_setup_irq_remapping Joerg Roedel
2015-06-13  6:47   ` [PATCH 15/19] iommu/vt-d: Disable IRQ remapping in intel_prepare_irq_remapping Joerg Roedel
2015-06-13  6:47   ` [PATCH 16/19] iommu/vt-d: Set IRTA in intel_setup_irq_remapping Joerg Roedel
2015-06-13  6:47   ` [PATCH 17/19] iommu/vt-d: Copy IR table from old kernel when in kdump mode Joerg Roedel
2015-06-13  6:47   ` [PATCH 18/19] iommu/vt-d: Make sure copied over IR entries are not reused Joerg Roedel
2015-06-13  6:47   ` [PATCH 19/19] iommu/vt-d: Don't disable IR when it was previously enabled Joerg Roedel
2015-06-25  6:40   ` [PATCH 00/19] Fix Intel IOMMU breakage in kdump kernel Li, ZhenHua
2015-06-23 13:31 ` David Woodhouse
     [not found]   ` <1435066290.12045.2.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-06-23 14:06     ` Joerg Roedel
     [not found]       ` <20150623140631.GB2724-l3A5Bk7waGM@public.gmane.org>
2015-06-23 14:38         ` David Woodhouse [this message]
     [not found]           ` <1435070334.12045.24.camel-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2015-06-25  6:35             ` Li, ZhenHua
2015-06-25  8:06               ` David Woodhouse

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1435070334.12045.24.camel@infradead.org \
    --to=dwmw2-wegcikhe2lqwvfeawa7xhq@public.gmane.org \
    --cc=dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
    --cc=iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=jroedel-l3A5Bk7waGM@public.gmane.org \
    --cc=jroedel-zLv9SwRftAIdnm+yROfE0A@public.gmane.org \
    --cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=zhen-hual-VXdhtT5mjnY@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox