Re: [PATCH] VT-d: Tylersburg errata apply to further steppings

On 18.08.2021 13:32, Andrew Cooper wrote:
> On 03/08/2021 12:13, Jan Beulich wrote:
>> While for 5500 and 5520 chipsets only B3 and C2 are mentioned in the
>> spec update, X58's also mentions B2, and searching the internet suggests
>> systems with this stepping are actually in use. Even worse, for X58
>> erratum #69 is marked applicable even to C2. Split the check to cover
>> all applicable steppings and to also report applicable errata numbers in
>> the log message. The splitting requires using the DMI port instead of
>> the System Management Registers device, but that's then in line (also
>> revision checking wise) with the spec updates.
>>
>> Fixes: 6890cebc6a98 ("VT-d: deal with 5500/5520/X58 errata")
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> As to disabling just interrupt remapping (as the initial version of the
>> original patch did) vs disabling the IOMMU as a whole: Using a less
>> heavy workaround would of course be desirable, but then we need to
>> ensure not to misguide the tool stack about the state of the system.
>
> This reasoning is buggy.
>
> This erratum is very specifically to do with interrupt remapping only.
> Disabling the whole IOMMU in response is inappropriate.

That's your view, and I accept it as a reasonable one. I don't accept
it as being the only reasonable one though, and hence I object to you
tagging other views (here just like in various cases elsewhere) as
"buggy" (or sometimes worse).

>> It uses the PHYSCAP_directio sysctl output to determine whether PCI pass-
>> through can be made use of, yet that flag is driven by "iommu_enabled"
>> alone, without regard to the setting of "iommu_intremap".
>
> The fact that a range of hardware, including Tylersburg, don't have
> interrupt remapping, and no one plumbed this nicely to the toolstack is
> suboptimal.
>
> But it is wholly inappropriate to punish users with Tylersburg hardware
> because you don't like the fact that the toolstack can't see when
> interrupt remapping is off. The two issues are entirely orthogonal.
>
> Tylersburg (taking this erratum into account) works just as well as and
> securely as several previous generations of hardware, and should behave
> the same.

Should behave the same - yes. Previous generations without interrupt
remapping also shouldn't allow pass-through by default, i.e. require
admin consent to run guests in this less secure mode (except, perhaps,
for devices without interrupts, albeit I'm unaware of ways to tell).

Jan