From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Roger Pau Monne <roger.pau@citrix.com>, xen-devel@lists.xenproject.org
Cc: Brian Woods <brian.woods@amd.com>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Subject: Re: [PATCH v4 4/5] amd/iommu: assign iommu devices to Xen
Date: Wed, 14 Nov 2018 12:33:46 +0000 [thread overview]
Message-ID: <6ea6b76d-3ea8-de3a-0a43-a60b4c9b9f3b@citrix.com> (raw)
In-Reply-To: <20181114115740.1050-5-roger.pau@citrix.com>
On 14/11/2018 11:57, Roger Pau Monne wrote:
> AMD IOMMU devices are exposed on the PCI bus, and thus are assigned by
> default to the hardware domain. This can cause issues because the
> IOMMU devices are not behind an IOMMU, and conceptually it's also wrong
> to give the hardware domain ownership of those devices since they are
> in use by Xen.
>
> Fix this by assigning the PCI IOMMU devices to Xen.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
This is unfortunately a symptom of much more basic bug in Xen.
Particularly on recent server parts, there are many PCI devices which
represent processor internals and aren't safe to give even to dom0.
There should be a whitelist of devices we consider safe, not a blacklist
of those we know to be unsafe.
Most of this can be class based, and perhaps we can default-allow all
devices which are slots in a root port, but I am -1 to this patch
because it is fixing a symptom, not the problem.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-11-14 12:33 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-14 11:57 [PATCH v4 0/5] x86/pvh: fix fixes for PVH Dom0 Roger Pau Monne
2018-11-14 11:57 ` [PATCH v4 1/5] vpci: fix updating the command register Roger Pau Monne
2018-11-16 12:00 ` Jan Beulich
2018-11-16 14:32 ` Roger Pau Monné
2018-11-19 8:26 ` Jan Beulich
2018-11-19 11:09 ` Roger Pau Monné
2018-11-19 11:31 ` Jan Beulich
2018-11-14 11:57 ` [PATCH v4 2/5] vpci: fix deferral of long operations Roger Pau Monne
2018-11-14 12:08 ` Paul Durrant
2018-11-16 12:11 ` Jan Beulich
2018-11-16 14:57 ` Roger Pau Monné
2018-11-19 8:27 ` Jan Beulich
2018-11-14 11:57 ` [PATCH v4 3/5] vpci/msix: carve p2m hole for MSIX MMIO regions Roger Pau Monne
2018-11-19 14:56 ` Jan Beulich
2018-11-20 14:35 ` Roger Pau Monné
2018-11-14 11:57 ` [PATCH v4 4/5] amd/iommu: assign iommu devices to Xen Roger Pau Monne
2018-11-14 12:33 ` Andrew Cooper [this message]
2018-11-14 13:53 ` Jan Beulich
2018-11-14 16:09 ` Roger Pau Monné
2018-11-15 15:34 ` Jan Beulich
2018-11-15 16:00 ` Roger Pau Monné
2018-11-14 11:57 ` [PATCH v4 5/5] amd/iommu: skip bridge devices when updating IOMMU page tables Roger Pau Monne
2018-11-15 15:40 ` Jan Beulich
2018-11-15 15:48 ` Roger Pau Monné
2018-11-15 16:13 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6ea6b76d-3ea8-de3a-0a43-a60b4c9b9f3b@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=brian.woods@amd.com \
--cc=roger.pau@citrix.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).