From: "Jan Beulich" <JBeulich@suse.com>
To: Malcolm Crossley <malcolm.crossley@citrix.com>
Cc: Ian.Jackson@citrix.com, Paul.Durrant@citrix.com,
Ian.Campbell@citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH v4] hw/passthrough: Prevent QEMU from mapping PCI option ROM at address 0
Date: Wed, 18 Jun 2014 12:57:48 +0100 [thread overview]
Message-ID: <53A19ADC020000780001B531@mail.emea.novell.com> (raw)
In-Reply-To: <53A071AE.80709@citrix.com>
>>> On 17.06.14 at 18:49, <malcolm.crossley@citrix.com> wrote:
> On 13/05/14 07:33, Jan Beulich wrote:
>>>>> On 12.05.14 at 17:59, <malcolm.crossley@citrix.com> wrote:
>>> On 12/05/14 16:52, Jan Beulich wrote:
>>>>>>> On 12.05.14 at 17:36, <malcolm.crossley@citrix.com> wrote:
>>>>> The PCI option ROM BAR uses the LSB to indicate if the BAR is enabled.
>>>>> The AMD graphics driver sets the address bit's of the BAR to 0 but leaves
>>>>> the
>>>>> LSB set to 1. Whilst this is not good practice, QEMU should be ignoring the
>>>>> non address parts of the BAR.
>>>>
>>>> All you say above only warrants the PCI defined bits to be masked
>>>> off, ...
>>>>
>>>
>>> But we've only got 4k mapping granularity with the IOMMU, so if we try
>>> to map to an address between 2k and 4k then we will overlap with the
>>> bottom 2k which is likely to cause problems.
>>
>> What has the IOMMU got to do with this? Any such overlap would
>> be similarly (non-)problematic elsewhere in the address space.
>>
>
> Sorry it took so long to reply to this. I wrongly said the IOMMU was
> responsible for VM outbound mappings.
>
> The 4k restriction is still there because QEMU uses the
> xc_domain_memory_mapping function (see pt_iomem_map in qemu-trad) to
> create the VM outbound mapping to the option ROM BAR. So you still have
> a functional problem is the guest tries to map the option ROM to address
>> 2k && < 4k because then the guest cannot access RAM at address < 2k
> due to the option ROM outbound mapping overlaps that region.
Still this sub-4k consideration isn't applicable just for this case, or
just for page 0.
Furthermore, the purpose of the patch will be fulfilled as much when
comparing just the low 11 bits to zero, at least if your description of
the problem at hand is to be trusted.
Jan
prev parent reply other threads:[~2014-06-18 11:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-12 15:36 [PATCH v4] hw/passthrough: Prevent QEMU from mapping PCI option ROM at address 0 Malcolm Crossley
2014-05-12 15:52 ` Jan Beulich
2014-05-12 15:59 ` Malcolm Crossley
2014-05-13 6:33 ` Jan Beulich
2014-06-17 16:49 ` Malcolm Crossley
2014-06-18 11:57 ` Jan Beulich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53A19ADC020000780001B531@mail.emea.novell.com \
--to=jbeulich@suse.com \
--cc=Ian.Campbell@citrix.com \
--cc=Ian.Jackson@citrix.com \
--cc=Paul.Durrant@citrix.com \
--cc=malcolm.crossley@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).