[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] VT-d: Tylersburg errata apply to further steppings


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 18 Aug 2021 14:02:43 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AaF4+4uygjMfOWH5UZKPDItCFvCiNzrP3PQhde84PV8=; b=IcqcKGaiHaCL57eCF1tdyh+t5UtEG2xylTpmsh1bOb/715gUlnNDyfvKvv0E+FtWCHEtUg0aVrVZaXdbis/f8+hx6itQKyEvFyoQC0i4lqfT497/Rs+dqRlMmijeSnMqlymbF5mQmZ0T5F4jOu3gMVhXNQWstbU2Kz+6iVejajaHMf6P08hOoZ0XWcgn8ITjecYgWtbcCfs5NhPFLQ7mZ2udAVapElMdBKXn+tOWGK6lXJoR4awkHEbgyBqGr3V81qQmtX87wwLUzzdraRcaIGmzVF6kyrSOODsSObzaEYEhB5ezydCPG9GrCNBhLjgiBWbZUGbmzryyFBfzUVbquQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Liwf0CQzohgP7n5hu1Njfp+b4uppAlGQxRn73m+2ZrlkUcCWzt0El5yJX6eaV9dmYfpyIMU8LFS29kou5r0QpgYACt1++FsE4rli1XE8n+LJ1669b2ui6DLIhKTQeK+I5V8fCIFmO6HfW8cVAqptR0xyk+mtPefhuHeD8vGuj5mfyjTQKuE/mooOXqlIl50zZrbt+OxmZbxjkvOQBqrDCeWAByZIwnm+j8JfyXOh85s3Wbdc0NSWEkXdUBE7U1Rlu2vaW8CcJvE5ncxJze+PX83JNSPUHL3EOhpOFV3HDqRUWExJC/+gVzR6VD0CVOo8JjnZQ34jcdyyaC3TADpBiw==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 18 Aug 2021 12:02:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18.08.2021 13:32, Andrew Cooper wrote:
> On 03/08/2021 12:13, Jan Beulich wrote:
>> While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the
>> spec update, X58's also mentions B2, and searching the internet suggests
>> systems with this stepping are actually in use. Even worse, for X58
>> erratum #69 is marked applicable even to C2. Split the check to cover
>> all applicable steppings and to also report applicable errata numbers in
>> the log message. The splitting requires using the DMI port instead of
>> the System Management Registers device, but that's then in line (also
>> revision checking wise) with the spec updates.
>>
>> Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata")
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> As to disabling just interrupt remapping (as the initial version of the
>> original patch did) vs disabling the IOMMU as a whole: Using a less
>> heavy workaround would of course be desirable, but then we need to
>> ensure not to misguide the tool stack about the state of the system.
> 
> This reasoning is buggy.
> 
> This errata is very specifically to do with interrupt remapping only. 
> Disabling the whole IOMMU in response is inappropriate.

That's your view, and I accept it as a reasonable one. I don't accept
it as being the only reasonable one though, and hence I object to you
tagging other views (here just like in various cases elsewhere) as
"buggy" (or sometimes worse).

>> It uses the PHYSCAP_directio sysctl output to determine whether PCI pass-
>> through can be made use of, yet that flag is driven by "iommu_enabled"
>> alone, without regard to the setting of "iommu_intremap".
> 
> The fact that range of hardware, including Tylersburg, don't have
> interrupt remapping, and noone plumbed this nicely to the toolstack is
> suboptimal.
> 
> But it is wholly inappropriate to punish users with Tylersburg hardware
> because you don't like the fact that the toolstack can't see when
> interrupt remapping is off.  The two issues are entirely orthogonal.
> 
> Tylersburg (taking this erratum into account) works just as well as and
> securely as several previous generations of hardware, and should behave
> the same.

Should behave the same - yes. Previous generations without interrupt
remapping also shouldn't allow pass-through by default, i.e. require
admin consent to run guests in this less secure mode (except, perhaps,
for devices without interrupts, albeit I'm unaware of ways to tell).

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.