Xen project Mailing List

Re: [Xen-devel] [PATCH v2] libxl: disallow PCI device assignment for HVM guest when PoD is enabled

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Wed, 15 Jan 2014 14:12:23 +0000

Cc: George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Wed, 15 Jan 2014 14:13:12 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, 2014-01-14 at 14:54 +0000, Andrew Cooper wrote: > On 14/01/14 14:50, Ian Campbell wrote: > > On Mon, 2014-01-13 at 11:52 +0000, Wei Liu wrote: > >> This replicates a Xend behavior, see ec789523749 ("xend: Dis-allow > >> device assignment if PoD is enabled."). > >> > >> This change is restricted to HVM guest, as only HVM is relevant in the > >> counterpart in Xend. We're late in release cycle so the change should > >> only do what's necessary. Probably we can revisit it if we need to do > >> the same thing for PV guest in the future. > >> > >> Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> > > Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> > > > > Release hat: The risk here is of a false positive detecting whether PoD > > would be used and therefore refusing to start a domain. However Wei > > directed me earlier on to the code in setup_guest which sets > > XENMEMF_populate_on_demand and I believe it is using the same logic. > > > > The benefit of this is that it will stop people starting a domain in an > > invalid configuration -- but what is the downside here? Is it an > > unhandled IOMMU fault or another host-fatal error? That would make the > > argument for taking this patch pretty strong. On the other hand if the > > failure were simply to kill this domain, that would be a less serious > > issue and I'd be in two minds, mainly due to George not being here to > > confirm that the pod_enabled logic is correct (although if he were here > > I wouldn't be wrestling with this question at all ;-)). > > > > I'm leaning towards taking this fix, but I'd really like to know what > > the current failure case looks like. > > > > Ian. > > The answer is likely hardware specific. > > An IOMMU fault (however handled by Xen) will result in a master abort on > the DMA transaction for the PCI device which has suffered the fault. > That device can then do anything from continue blindly to issuing an NMI > IOCK/SERR which will likely be fatal to the entire server. Thanks, that tips me over into: Release-ack: Ian Campbell I applied, there was a reject against "libxl: Auto-assign NIC devids in initiate_domain_create" which I fixed up. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.