* [PATCH] xend: passthrough: add an option pci-passthrough-strict-check
@ 2009-09-07 10:02 Cui, Dexuan
2009-09-07 23:41 ` Simon Horman
0 siblings, 1 reply; 4+ messages in thread
From: Cui, Dexuan @ 2009-09-07 10:02 UTC (permalink / raw)
To: Keir Fraser, xen-devel
[-- Attachment #1: Type: text/plain, Size: 606 bytes --]
Currently when assigning device to HVM guest, we use the strict check for HVM
guest by default.(For PV guest we use loose check automatically if necessary.)
When we assign device to HVM guest, if we meet with the co-assignment issues or
the ACS issue (see changeset 20081: 4a517458406f), we could try changing the
option to 'no' -- however, we have to realize this may incur security issue and
we can't make sure the device assignment could really work properly even after
we do this.
The option is located in /etc/xen/xend-config.sxp:
(pci-passthrough-strict-check yes)
Thanks,
-- Dexuan
[-- Attachment #2: pci-passthrough-strict-check.patch --]
[-- Type: application/octet-stream, Size: 7102 bytes --]
xend: passthrough: add an option pci-passthrough-strict-check
Currently when assigning device to HVM guest, we use the strict check for HVM
guest by default.(For PV guest we use loose check automatically if necessary.)
When we assign device to HVM guest, if we meet with the co-assignment issues or
the ACS issue (see changeset 20081: 4a517458406f), we could try changing the
option to 'no' -- however, we have to realize this may incur security issue and
we can't make sure the device assignment could really work properly even after
we do this.
The option is located in /etc/xen/xend-config.sxp:
(pci-passthrough-strict-check yes)
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
diff -r a2ab11e31f91 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp Mon Sep 07 09:00:21 2009 +0100
+++ b/tools/examples/xend-config.sxp Mon Sep 07 17:29:45 2009 +0800
@@ -260,3 +260,10 @@
#(device-create-timeout 100)
#(device-destroy-timeout 100)
+# When assigning device to HVM guest, we use the strict check for HVM guest by
+# default. (For PV guest, we use loose check automatically if necessary.)
+# When we assign device to HVM guest, if we meet with the co-assignment
+# issues or the ACS issue, we could try changing the option to 'no' -- however,
+# we have to realize this may incur security issue and we can't make sure the
+# device assignment could really work properly even after we do this.
+#(pci-passthrough-strict-check yes)
diff -r a2ab11e31f91 tools/python/xen/util/pci.py
--- a/tools/python/xen/util/pci.py Mon Sep 07 09:00:21 2009 +0100
+++ b/tools/python/xen/util/pci.py Mon Sep 07 17:29:45 2009 +0800
@@ -1065,7 +1065,7 @@ class PciDevice:
', but it is not owned by pciback or pci-stub.'
raise PciDeviceAssignmentError(err_msg % (pci_dev, self.name))
- def do_FLR(self, is_hvm):
+ def do_FLR(self, is_hvm, strict_check):
""" Perform FLR (Functional Level Reset) for the device.
"""
if self.dev_type == DEV_TYPE_PCIe_ENDPOINT:
@@ -1084,6 +1084,8 @@ class PciDevice:
funcs = self.find_all_the_multi_functions()
if not is_hvm and (len(funcs) > 1):
+ return
+ if is_hvm and not strict_check:
return
self.devs_check_driver(funcs)
@@ -1112,6 +1114,8 @@ class PciDevice:
del devs[0]
if not is_hvm and (len(devs) > 1):
+ return
+ if is_hvm and not strict_check:
return
self.devs_check_driver(devs)
diff -r a2ab11e31f91 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Mon Sep 07 09:00:21 2009 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py Mon Sep 07 17:29:45 2009 +0800
@@ -311,7 +311,7 @@ def do_FLR(domid, is_hvm):
except Exception, e:
raise VmError("pci: failed to locate device and "+
"parse it's resources - "+str(e))
- dev.do_FLR(is_hvm)
+ dev.do_FLR(is_hvm, xoptions.get_pci_dev_assign_strict_check())
class XendDomainInfo:
"""An object represents a domain.
@@ -709,6 +709,9 @@ class XendDomainInfo:
# PV guest has less checkings.
if not self.info.is_hvm():
+ return
+
+ if not xoptions.get_pci_dev_assign_strict_check():
return
# Check if there is intermediate PCIe switch bewteen the device and
diff -r a2ab11e31f91 tools/python/xen/xend/XendOptions.py
--- a/tools/python/xen/xend/XendOptions.py Mon Sep 07 09:00:21 2009 +0100
+++ b/tools/python/xen/xend/XendOptions.py Mon Sep 07 17:29:45 2009 +0800
@@ -148,6 +148,10 @@ class XendOptions:
"""Default timeout for device destruction."""
device_destroy_timeout_default = 100
+ """By default, we use the strict check for HVM guest. (For PV guest, we
+ use loose check automatically if necessary."""
+ pci_dev_assign_strict_check_default = True
+
def __init__(self):
self.configure()
@@ -413,6 +417,9 @@ class XendOptions:
return self.get_config_int("device-destroy-timeout",
self.device_destroy_timeout_default)
+ def get_pci_dev_assign_strict_check(self):
+ return self.get_config_bool("pci-passthrough-strict-check",
+ self.pci_dev_assign_strict_check_default)
class XendOptionsFile(XendOptions):
diff -r a2ab11e31f91 tools/python/xen/xend/server/pciif.py
--- a/tools/python/xen/xend/server/pciif.py Mon Sep 07 09:00:21 2009 +0100
+++ b/tools/python/xen/xend/server/pciif.py Mon Sep 07 17:29:45 2009 +0800
@@ -21,6 +21,9 @@ import time
import time
from xen.xend import sxp
+from xen.xend import XendOptions
+xoptions = XendOptions.instance()
+
from xen.xend import arch
from xen.xend.XendError import VmError
from xen.xend.XendLogging import log
@@ -356,6 +359,7 @@ class PciController(DevController):
if len(pci_str_list) != len(set(pci_str_list)):
raise VmError('pci: duplicate devices specified in guest config?')
+ strict_check = xoptions.get_pci_dev_assign_strict_check()
for pci_dev in pci_dev_list:
try:
dev = PciDevice(pci_dev)
@@ -365,7 +369,8 @@ class PciController(DevController):
# Check if there is intermediate PCIe switch bewteen the device and
# Root Complex.
- if self.vm.info.is_hvm() and dev.is_behind_switch_lacking_acs():
+ if self.vm.info.is_hvm() and dev.is_behind_switch_lacking_acs() \
+ and strict_check:
err_msg = 'pci: to avoid potential security issue, %s is not'+\
' allowed to be assigned to guest since it is behind'+\
' PCIe switch that does not support or enable ACS.'
@@ -381,6 +386,8 @@ class PciController(DevController):
log.warn(err_msg % dev.name)
else:
if not self.vm.info.is_hvm():
+ continue
+ if not strict_check:
continue
funcs = dev.find_all_the_multi_functions()
@@ -405,6 +412,8 @@ class PciController(DevController):
else:
if not self.vm.info.is_hvm():
continue
+ if not strict_check:
+ continue
# All devices behind the uppermost PCI/PCI-X bridge must be\
# co-assigned to the same guest.
@@ -466,7 +475,8 @@ class PciController(DevController):
# Need to do FLR here before deassign device in order to terminate
# DMA transaction, etc
- dev.do_FLR(self.vm.info.is_hvm())
+ dev.do_FLR(self.vm.info.is_hvm(),
+ xoptions.get_pci_dev_assign_strict_check())
bdf = xc.deassign_device(fe_domid, pci_dict_to_xc_str(pci_dev))
pci_str = pci_dict_to_bdf_str(pci_dev)
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] xend: passthrough: add an option pci-passthrough-strict-check
2009-09-07 10:02 [PATCH] xend: passthrough: add an option pci-passthrough-strict-check Cui, Dexuan
@ 2009-09-07 23:41 ` Simon Horman
2009-09-08 0:23 ` Cui, Dexuan
0 siblings, 1 reply; 4+ messages in thread
From: Simon Horman @ 2009-09-07 23:41 UTC (permalink / raw)
To: Cui, Dexuan; +Cc: xen-devel, Keir Fraser
On Mon, Sep 07, 2009 at 06:02:02PM +0800, Cui, Dexuan wrote:
> Currently when assigning device to HVM guest, we use the strict check for HVM
> guest by default.(For PV guest we use loose check automatically if necessary.)
>
> When we assign device to HVM guest, if we meet with the co-assignment issues or
> the ACS issue (see changeset 20081: 4a517458406f), we could try changing the
> option to 'no' -- however, we have to realize this may incur security issue and
> we can't make sure the device assignment could really work properly even after
> we do this.
>
> The option is located in /etc/xen/xend-config.sxp:
> (pci-passthrough-strict-check yes)
This sounds like it opens a can of worms to me.
I take it that you have equipment and a set-up in
mind that needs this.
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [PATCH] xend: passthrough: add an option pci-passthrough-strict-check
2009-09-07 23:41 ` Simon Horman
@ 2009-09-08 0:23 ` Cui, Dexuan
2009-09-08 1:58 ` Simon Horman
0 siblings, 1 reply; 4+ messages in thread
From: Cui, Dexuan @ 2009-09-08 0:23 UTC (permalink / raw)
To: Simon Horman; +Cc: xen-devel, Keir Fraser
By default the option is "yes" so we're safe and since the option is in the global xend config file, only an administrator can change it.
In some cases, if an administrator knows clearly what he's doing, he may want to try to use the device assignment feature at the risk of some potential security issues -- usually some of the potential issue are not very likely to occur. So I guess the option should be useful. :-)
Thanks,
-- Dexuan
-----Original Message-----
From: Simon Horman [mailto:horms@verge.net.au]
Sent: 2009?9?8? 7:42
To: Cui, Dexuan
Cc: Keir Fraser; xen-devel@lists.xensource.com
Subject: Re: [Xen-devel] [PATCH] xend: passthrough: add an option pci-passthrough-strict-check
On Mon, Sep 07, 2009 at 06:02:02PM +0800, Cui, Dexuan wrote:
> Currently when assigning device to HVM guest, we use the strict check for HVM
> guest by default.(For PV guest we use loose check automatically if necessary.)
>
> When we assign device to HVM guest, if we meet with the co-assignment issues or
> the ACS issue (see changeset 20081: 4a517458406f), we could try changing the
> option to 'no' -- however, we have to realize this may incur security issue and
> we can't make sure the device assignment could really work properly even after
> we do this.
>
> The option is located in /etc/xen/xend-config.sxp:
> (pci-passthrough-strict-check yes)
This sounds like it opens a can of worms to me.
I take it that you have equipment and a set-up in
mind that needs this.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] xend: passthrough: add an option pci-passthrough-strict-check
2009-09-08 0:23 ` Cui, Dexuan
@ 2009-09-08 1:58 ` Simon Horman
0 siblings, 0 replies; 4+ messages in thread
From: Simon Horman @ 2009-09-08 1:58 UTC (permalink / raw)
To: Cui, Dexuan; +Cc: xen-devel, Keir Fraser
On Tue, Sep 08, 2009 at 08:23:38AM +0800, Cui, Dexuan wrote:
> By default the option is "yes" so we're safe and since the option is in the global xend config file, only an administrator can change it.
> In some cases, if an administrator knows clearly what he's doing, he may want to try to use the device assignment feature at the risk of some potential security issues -- usually some of the potential issue are not very likely to occur. So I guess the option should be useful. :-)
Ok, that sounds reasonable.
Acked-by: Simon Horman <horms@verge.net.au>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-09-08 1:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-09-07 10:02 [PATCH] xend: passthrough: add an option pci-passthrough-strict-check Cui, Dexuan
2009-09-07 23:41 ` Simon Horman
2009-09-08 0:23 ` Cui, Dexuan
2009-09-08 1:58 ` Simon Horman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.