Xen project Mailing List

RE: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

To: "Keir Fraser" <keir.fraser@xxxxxxxxxxxxx>

From: "Cihula, Joseph" <joseph.cihula@xxxxxxxxx>

Date: Wed, 6 Aug 2008 09:09:09 -0700

Cc: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, "Han, Weidong" <weidong.han@xxxxxxxxx>

Delivery-date: Wed, 06 Aug 2008 09:10:11 -0700

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Thread-index: Acj3xL2WYDYpNlk2Tsyf60iWhTOIDQAGZQjA

Thread-topic: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option

I'd like to petition this patch to be included in 3.3, so that the official releases continue to fully support the TXT/tboot trust model. Joe -----Original Message----- From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Espen Skoglund Sent: Wednesday, August 06, 2008 6:02 AM To: Han, Weidong Cc: xen-devel@xxxxxxxxxxxxxxxxxxx Subject: Re: [Xen-devel] [PATCH] [VTD] Add 'force_iommu' option [Weidong Han] > For security reasons, add 'force_iommu' option to ensure that it should > not be possible under any conditions to boot Xen w/o VT-d being enabled. > This would only be specified by users that really want the added > security. Here's a followup which collects all the iommu parameters into a single parameter. Makes things more intuitive from a users perspective. eSk --- iommu: Make the iommu boot parameters more generic and flexible Make the 'iommu' boot parameter take a comma separated value indicating wheter iommu is required to boot and whether to enable iommu for pv domains. Signed-off-by: Espen Skoglund <espen.skoglund@xxxxxxxxxxxxx> diff -r 152ba12fc55c xen/drivers/passthrough/iommu.c --- a/xen/drivers/passthrough/iommu.c Wed Aug 06 13:07:34 2008 +0100 +++ b/xen/drivers/passthrough/iommu.c Wed Aug 06 13:55:46 2008 +0100 @@ -20,18 +20,48 @@ extern struct iommu_ops intel_iommu_ops; extern struct iommu_ops amd_iommu_ops; +static void parse_iommu_param(char *s); static int iommu_populate_page_table(struct domain *d); int intel_vtd_setup(void); int amd_iov_detect(void); +/* + * The 'iommu' parameter enables the IOMMU. Optional comma separated + * value may contain: + * + * off|no|false|disable Disable IOMMU (default) + * pv Enable IOMMU for PV domains + * no-pv Disable IOMMU for PV domains (default) + * force|required Don't boot unless IOMMU is enabled + */ +custom_param("iommu", parse_iommu_param); int iommu_enabled = 0; -boolean_param("iommu", iommu_enabled); +int iommu_pv_enabled = 0; +int force_iommu = 0; -int iommu_pv_enabled = 0; -boolean_param("iommu_pv", iommu_pv_enabled); +static void __init parse_iommu_param(char *s) +{ + char *ss; + iommu_enabled = 1; -int force_iommu = 0; -boolean_param("force_iommu", force_iommu); + do { + ss = strchr(s, ','); + if ( ss ) + *ss = '\0'; + + if ( !strcmp(s, "off") || !strcmp(s, "no") || !strcmp(s, "false") || + !strcmp(s, "0") || !strcmp(s, "disable") ) + iommu_enabled = 0; + else if ( !strcmp(s, "pv") ) + iommu_pv_enabled = 1; + else if ( !strcmp(s, "no-pv") ) + iommu_pv_enabled = 0; + else if ( !strcmp(s, "force") || !strcmp(s, "required") ) + force_iommu = 1; + + s = ss + 1; + } while ( ss ); +} int iommu_domain_init(struct domain *domain) { _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.