From: Malcolm Crossley
Subject: Re: [PATCH v4] hw/passthrough: Prevent QEMU from mapping PCI option ROM at address 0
Date: Tue, 17 Jun 2014 17:49:50 +0100
Message-ID: <53A071AE.80709@citrix.com>
References: <1399909019-5812-1-git-send-email-malcolm.crossley@citrix.com> <53710A6F02000078000118D0@mail.emea.novell.com> <5370EFE5.9050504@citrix.com> <5371D8D20200007800011A68@mail.emea.novell.com>
In-Reply-To: <5371D8D20200007800011A68@mail.emea.novell.com>
To: Jan Beulich
Cc: Ian.Jackson@citrix.com, Paul.Durrant@citrix.com, Ian.Campbell@citrix.com, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 13/05/14 07:33, Jan Beulich wrote:
>>>> On 12.05.14 at 17:59, wrote:
>> On 12/05/14 16:52, Jan Beulich wrote:
>>>>>> On 12.05.14 at 17:36, wrote:
>>>> The PCI option ROM BAR uses the LSB to indicate if the BAR is enabled.
>>>> The AMD graphics driver sets the address bits of the BAR to 0 but leaves
>>>> the LSB set to 1. Whilst this is not good practice, QEMU should be
>>>> ignoring the non address parts of the BAR.
>>>
>>> All you say above only warrants the PCI defined bits to be masked
>>> off, ...
>>>
>>
>> But we've only got 4k mapping granularity with the IOMMU, so if we try
>> to map to an address between 2k and 4k then we will overlap with the
>> bottom 2k which is likely to cause problems.
>
> What has the IOMMU got to do with this? Any such overlap would
> be similarly (non-)problematic elsewhere in the address space.
>

Sorry it took so long to reply to this. I wrongly said the IOMMU was responsible for VM outbound mappings.
The 4k restriction is still there because QEMU uses the xc_domain_memory_mapping function (see pt_iomem_map in qemu-trad) to create the VM outbound mapping to the option ROM BAR.

So you still have a functional problem if the guest tries to map the option ROM to address > 2k && < 4k because then the guest cannot access RAM at address < 2k due to the option ROM outbound mapping overlapping that region.

Malcolm

> Jan
>
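The overlap discussed in this thread, as an added example that is not part of the original message or of the QEMU/Xen code: it masks the non-address bits of an option ROM BAR value and reports which 4k frames a page-granular mapping would cover. The function, enum and struct names and the sample BAR values and ROM sizes are assumptions made for illustration; the bit layout (bit 0 enable, bits 31:11 address) is the standard PCI expansion ROM BAR layout.

```c
#include <stdint.h>
#include <stdio.h>

#define ROM_BAR_ENABLE    0x00000001u  /* bit 0: ROM address decode enable */
#define ROM_BAR_ADDR_MASK 0xfffff800u  /* bits 31:11: base address, 2k aligned */
#define MAP_PAGE_SHIFT    12           /* mappings are created per 4k frame */
#define MAP_PAGE_SIZE     (1u << MAP_PAGE_SHIFT)

enum rom_decision { ROM_DISABLED, ROM_ADDR_ZERO, ROM_PAGE_SHARED, ROM_MAPPABLE };

struct rom_map {
    uint32_t base;       /* guest-physical base after masking */
    uint32_t first_gfn;  /* first 4k frame the mapping would cover */
    uint32_t nr_frames;  /* number of 4k frames covered */
};

/* Hypothetical helper: classify a guest write to the option ROM BAR. */
static enum rom_decision classify_rom_bar(uint32_t bar, uint32_t rom_size,
                                          struct rom_map *out)
{
    uint32_t base = bar & ROM_BAR_ADDR_MASK;
    uint64_t end = (uint64_t)base + rom_size;

    out->base = base;
    out->first_gfn = base >> MAP_PAGE_SHIFT;
    out->nr_frames = (uint32_t)(((end + MAP_PAGE_SIZE - 1) >> MAP_PAGE_SHIFT)
                                - out->first_gfn);
    if (!(bar & ROM_BAR_ENABLE))
        return ROM_DISABLED;
    if (base == 0)
        return ROM_ADDR_ZERO;    /* enable bit set, address bits all zero */
    if ((base | rom_size) & (MAP_PAGE_SIZE - 1))
        return ROM_PAGE_SHARED;  /* a frame would also cover non-ROM addresses */
    return ROM_MAPPABLE;
}

int main(void)
{
    /* Constructed sample BAR values, each paired with a constructed ROM size. */
    const uint32_t bars[][2] = { {0x00000001u, 0x10000u}, {0x00000801u, 0x800u},
                                 {0xf0000001u, 0x10000u} };
    struct rom_map m;
    for (unsigned i = 0; i < sizeof(bars) / sizeof(bars[0]); i++) {
        enum rom_decision d = classify_rom_bar(bars[i][0], bars[i][1], &m);
        printf("bar=0x%08x decision=%d first_gfn=0x%x frames=%u\n",
               (unsigned)bars[i][0], (int)d, (unsigned)m.first_gfn,
               (unsigned)m.nr_frames);
    }
    return 0;
}
```

For the 0x00000801 sample the only frame covered is frame 0, which is the case where the mapping also hides guest RAM below 2k.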