From: Tim Deegan
Subject: Re: [PATCH] IOMMU: don't disable bus mastering on faults for devices used by Xen or Dom0
Date: Tue, 6 Nov 2012 09:44:56 +0000
Message-ID: <20121106094456.GA45690@ocelot.phlegethon.org>
References: <5097FD2902000078000A66BF@nat28.tlf.novell.com> <5098E19D02000078000A697A@nat28.tlf.novell.com>
In-Reply-To: <5098E19D02000078000A697A@nat28.tlf.novell.com>
To: Jan Beulich
Cc: Keir Fraser , wei.huang2@amd.com, xen-devel , Dario Faggioli , weiwang.dd@gmail.com, xiantao.zhang@intel.com
List-Id: xen-devel@lists.xenproject.org

At 09:08 +0000 on 06 Nov (1352192909), Jan Beulich wrote:
> >>> On 05.11.12 at 18:15, Keir Fraser wrote:
> > On 05/11/2012 16:53, "Jan Beulich" wrote:
> >
> >> Under the assumption that in these cases recurring faults aren't a
> >> security issue and it can be expected that the drivers there are going
> >> to try to take care of the problem.
> >>
> >> Signed-off-by: Jan Beulich
> >
> > Solving an observed problem?
>
> In the context of analyzing the situation described in
> "iommu=dom0-passthrough behavior"
> (http://lists.xen.org/archives/html/xen-devel/2012-11/msg00140.html)
> I suppressed the IOMMU setup for some device in Dom0, and
> was quite puzzled to find that only a single fault would occur.

I think it would be better to allow some small number of faults per
device before disabling it rather than give dom0 carte blanche.

This check is really there to stop a mad device from hosing the system
rather than to contain a malicious OS, and a properly out-of-control
device needs to be stopped or it will livelock Xen with iommu faults.
In a uniprocessor system, dom0 might never get the chance to fix it.

Tim.
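
The per-device fault budget suggested in the reply above, as an added example that is not part of the mail, the patch or Xen's code. The `fault_dev` structure, the function names, the budget of 8 and the driver-initiated reset are assumptions made for illustration; the register is simulated in memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PCI_COMMAND_MASTER 0x0004u /* bus-master enable bit, PCI command register */
#define DOM0_FAULT_BUDGET  8u      /* assumed; the mail only says "some small number" */

/* Hypothetical per-device state; 'command' stands in for the config-space register. */
struct fault_dev {
    bool     hw_domain; /* device is used by Xen or Dom0 */
    unsigned faults;    /* IOMMU faults counted since the last reset */
    uint16_t command;   /* simulated PCI command register */
};

/* Called once per reported IOMMU fault. Returns true while bus mastering stays on. */
bool fault_dev_report(struct fault_dev *d)
{
    /* Assumption: devices of other domains keep the disable-on-first-fault rule. */
    unsigned budget = d->hw_domain ? DOM0_FAULT_BUDGET : 0;

    if (!(d->command & PCI_COMMAND_MASTER))
        return false;                      /* already quiesced, nothing to count */
    if (++d->faults > budget)              /* budget spent: stop the device's DMA */
        d->command &= (uint16_t)~PCI_COMMAND_MASTER;
    return (d->command & PCI_COMMAND_MASTER) != 0;
}

/* Assumed recovery path: the owning driver fixed the device and re-enables it. */
void fault_dev_reset(struct fault_dev *d)
{
    d->faults = 0;
    d->command |= PCI_COMMAND_MASTER;
}

/* Feed up to n faults; return how many were taken before the device was cut off. */
unsigned fault_dev_storm(struct fault_dev *d, unsigned n)
{
    unsigned handled = 0;
    while (n-- && (d->command & PCI_COMMAND_MASTER)) {
        fault_dev_report(d);
        handled++;
    }
    return handled;
}

int main(void)
{
    struct fault_dev nic = { true, 0, PCI_COMMAND_MASTER }; /* constructed sample */
    printf("faults taken before cut-off: %u\n", fault_dev_storm(&nic, 1000));
    return 0;
}
```

The bound on faults handled per device is what keeps a runaway device from monopolising the fault handler, while a Dom0 driver still gets a few faults' worth of time to react.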