[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 15/16] xen/vtd: prevent from assign the device with shared rmrr



>>> On 03.09.15 at 21:39, <tamas.k.lengyel@xxxxxxxxx> wrote:
> So this change in 4.6 prevents me from passing through devices that have
> worked previously with VT-d:
> 
> (XEN) [VT-D] cannot assign 0000:00:1a.0 with shared RMRR at ae8a9000 for
> Dom30.
> (XEN) [VT-D] cannot assign 0000:00:1d.0 with shared RMRR at ae8a9000 for
> Dom31.
> 
> The devices are the USB 2.0 devices on a DQ67SW motherboard:
> 
> 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset
> Family USB Enhanced Host Controller #2 (rev 04)
> 00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset
> Family USB Enhanced Host Controller #1 (rev 04)

Please don't top post. And I'm also puzzled by you sending this to
Ian rather than the author.

Technically - Tiejun, should this perhaps be permitted in relaxed
mode, at least until group assignment gets implemented? (Or
Tamas, do you actually mean to assign these to _different_
guests, considering the log fragment above?)

Jan

> On Wed, Jul 22, 2015 at 9:44 AM, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> wrote:
> 
>> From: Tiejun Chen <tiejun.chen@xxxxxxxxx>
>>
>> Currently we're intending to cover this kind of devices
>> with shared RMRR simply since the case of shared RMRR is
>> a rare case according to our previous experiences. But
>> late we can group these devices which shared rmrr, and
>> then allow all devices within a group to be assigned to
>> same domain.
>>
>> CC: Yang Zhang <yang.z.zhang@xxxxxxxxx>
>> CC: Kevin Tian <kevin.tian@xxxxxxxxx>
>> Signed-off-by: Tiejun Chen <tiejun.chen@xxxxxxxxx>
>> Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
>> ---
>>  xen/drivers/passthrough/vtd/iommu.c |   30 +++++++++++++++++++++++++++---
>>  1 file changed, 27 insertions(+), 3 deletions(-)
>>
>> diff --git a/xen/drivers/passthrough/vtd/iommu.c
>> b/xen/drivers/passthrough/vtd/iommu.c
>> index 8a8d763..ce5c295 100644
>> --- a/xen/drivers/passthrough/vtd/iommu.c
>> +++ b/xen/drivers/passthrough/vtd/iommu.c
>> @@ -2293,13 +2293,37 @@ static int intel_iommu_assign_device(
>>      if ( list_empty(&acpi_drhd_units) )
>>          return -ENODEV;
>>
>> +    seg = pdev->seg;
>> +    bus = pdev->bus;
>> +    /*
>> +     * In rare cases one given rmrr is shared by multiple devices but
>> +     * obviously this would put the security of a system at risk. So
>> +     * we should prevent from this sort of device assignment.
>> +     *
>> +     * TODO: in the future we can introduce group device assignment
>> +     * interface to make sure devices sharing RMRR are assigned to the
>> +     * same domain together.
>> +     */
>> +    for_each_rmrr_device( rmrr, bdf, i )
>> +    {
>> +        if ( rmrr->segment == seg &&
>> +             PCI_BUS(bdf) == bus &&
>> +             PCI_DEVFN2(bdf) == devfn &&
>> +             rmrr->scope.devices_cnt > 1 )
>> +        {
>> +            printk(XENLOG_G_ERR VTDPREFIX
>> +                   " cannot assign %04x:%02x:%02x.%u"
>> +                   " with shared RMRR at %"PRIx64" for Dom%d.\n",
>> +                   seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn),
>> +                   rmrr->base_address, d->domain_id);
>> +            return -EPERM;
>> +        }
>> +    }
>> +
>>      ret = reassign_device_ownership(hardware_domain, d, devfn, pdev);
>>      if ( ret )
>>          return ret;
>>
>> -    seg = pdev->seg;
>> -    bus = pdev->bus;
>> -
>>      /* Setup rmrr identity mapping */
>>      for_each_rmrr_device( rmrr, bdf, i )
>>      {
>> --
>> 1.7.10.4
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxx 
>> http://lists.xen.org/xen-devel 
>>




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.