[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 4/5] amd/iommu: assign iommu devices to Xen

On Wed, Nov 14, 2018 at 12:33:46PM +0000, Andrew Cooper wrote:
> On 14/11/2018 11:57, Roger Pau Monne wrote:
> > AMD IOMMU devices are exposed on the PCI bus, and thus are assigned by
> > default to the hardware domain. This can cause issues because the
> > IOMMU devices are not behind an IOMMU, and conceptually it's also wrong
> > to give the hardware domain ownership of those devices since they are
> > in use by Xen.
> >
> > Fix this by assigning the PCI IOMMU devices to Xen.
> >
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> This is unfortunately a symptom of much more basic bug in Xen.
> Particularly on recent server parts, there are many PCI devices which
> represent processor internals and aren't safe to give even to dom0.
> There should be a whitelist of devices we consider safe, not a blacklist
> of those we know to be unsafe.
> Most of this can be class based, and perhaps we can default-allow all
> devices which are slots in a root port, but I am -1 to this patch
> because it is fixing a symptom, not the problem.

While the whitelisting sounds fine to me, I still think we need this
patch anyway.

If we look at the IOMMU specific case, the device class should be 8
(system peripheral) and subclass 6 (IOMMU), but it's quite likely
there are IOMMU devices with class 8 and subclass 0x80 (generic

In the above case we know for sure the sbdf of the IOMMU devices, so I
think it doesn't hurt to assign them to Xen straight away, regardless
of whether we end up doing a whitelisting before assigning devices to
the hardware domain.

Thanks, Roger.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.