
Re: [XEN PATCH] tools/libs/light/libxl_pci.c: explicitly grant access to Intel IGD opregion



On Wed, Mar 30, 2022 at 11:54 PM Chuck Zmudzinski <brchuckz@xxxxxxxxxxxx> wrote:
>
> On 3/30/22 1:27 PM, Andrew Cooper wrote:
> > On 30/03/2022 18:15, Anthony PERARD wrote:
> >>
> >> Some more thought on that, looking at QEMU, it seems that there's already
> >> a call to xc_domain_iomem_permission(), in igd_write_opregion().
> > This has been discussed before, but no one's done anything about it.
> > It's a massive layering violation for QEMU to issue
> > xc_domain_iomem_permission()/etc hypercalls.
> >
> > It should be the toolstack, and only the toolstack, which makes
> > permissions hypercalls, which in turn will fix a slew of "QEMU doesn't
> > work when it doesn't have dom0 superpowers" bugs with stubdomains.
>
> How much say does the Xen project have over the code
> in Qemu under hw/xen? I would not be against having libxl
> do the permissions hypercalls in this case instead of Qemu
> doing it. My test with Qemu traditional and this patch proves
> the permission can be granted by libxl instead of the device
> model.

Qubes patches libxl and QEMU, and they move the hypercalls to the
toolstack.  They are using Linux stubdoms, and I think it works for
them.

QEMU:
https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/master/qemu/patches/0015-IGD-fix-undefined-behaviour.patch
https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/master/qemu/patches/0016-IGD-improve-legacy-vbios-handling.patch
https://github.com/QubesOS/qubes-vmm-xen-stubdom-linux/blob/master/qemu/patches/0017-IGD-move-enabling-opregion-access-to-libxl.patch
libxl:
https://github.com/QubesOS/qubes-vmm-xen/blob/xen-4.14/patch-fix-igd-passthrough-with-linux-stubdomain.patch
maybe this one, too:
https://github.com/QubesOS/qubes-vmm-xen/blob/xen-4.14/patch-libxl-automatically-enable-gfx_passthru-if-IGD-is-as.patch

Regards,
Jason



 

