|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: BUG: libxenlight fails to grant permission to access Intel IGD Opregion
On 3/11/22 3:09 AM, Jan Beulich wrote: On 11.03.2022 06:01, Chuck Zmudzinski wrote:Here is the patch that fixes the bug on Debian sid/Xen 4.16:As to an actual patch for us to take - please see docs/process/sending-patches.pandoc for the formal requirements. (Note this was recently introduced, so you won't find it in the 4.16 sources. But your patch wants to be against latest staging anyway.) Jan OK, I took a look at the process and I also studied this issue more closely, and my conclusion is that I would not recommend fixing this old bug now until we have a better idea about how good our current tests for the Intel IGD are. AFAICT, if our tests for the Intel IGD result in a false positive, then hvmloader will map three pages in the guest for the IGD opregion, but the mapped memory would certainly not be the expected IGD opregion if the device is not actually an IGD or GPU with an opregion. In such a case, we would be mapping three pages of unexpected memory to the guest. So before proposing a patch that would fix this bug but have the unintended consequence of allowing access to unexpected memory in the case of a false positive detection of an Intel IGD, I will first spend some time deciding if a more accurate and reliable test is needed to determine if a PCI device with class VGA and vendor Intel actually has an IGD opregion. Once I am confident that the risk of a false positive when testing for the Intel IGD is acceptably low , then I would consider submitting a patch that fixes this bug. Our tests check if the PCI device has class VGA and that the vendor is Intel, and we also check if the gfx_passthru option is enabled. Those tests are applied both in hvmloader and in libxenlight to decide about mapping the IGD opregion to the guest and informing Qemu about the mapped address. I don't think these tests for the Intel IGD account for recent developments such as newer discrete Intel GPUs that might not have an IGD opregion, nor do they account for older Intel IGDs/GPUs that also might not have an IGD opregion. I think some time is needed to look at the i915 Linux kernel driver code to more precisely identify the devices that need access to the IGD opregion. Other devices either are not compatible with the feature of VGA passthrough or do not need to have access to the IGD opregion. With this information, a patch can be developed that will more accurately determine when the guest needs access to the IGD opregion. With such a patch committed in Xen, I would be more comfortable submitting a fix for this bug. Regards, Chuck
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |