All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Jan Beulich" <JBeulich@suse.com>
To: Xiantao Zhang <xiantao.zhang@intel.com>,
	Yang Z Zhang <yang.z.zhang@intel.com>
Cc: "wei.huang2@amd.com" <wei.huang2@amd.com>,
	"weiwang.dd@gmail.com" <weiwang.dd@gmail.com>,
	xen-devel <xen-devel@lists.xen.org>
Subject: Re: iommu=dom0-passthrough behavior
Date: Tue, 13 Nov 2012 09:41:34 +0000	[thread overview]
Message-ID: <50A223DE02000078000A7FE6@nat28.tlf.novell.com> (raw)
In-Reply-To: <B6C2EB9186482D47BD0C5A9A4834564403370DFE@SHSMSX101.ccr.corp.intel.com>

>>> On 13.11.12 at 09:50, "Zhang, Xiantao" <xiantao.zhang@intel.com> wrote:
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>> We need to settle on the concept here first: What specifically is said 
>> option intended to do? 
> 
> Basically,  this options just allows the transactions from dom0's devices 
> not subject to VT-d engine.  Actually,  It is not targeted to fix something, 
> but just allows users isolating VT-d issues from dom0. 
> As I know, in early days, VT-d is not that stable,   if dom0's devices are 
> controlled by VT-d,  some strange issues may trigger in system's boot stage, 
> so use this options to disable VT-d for Dom0. 

Which it doesn't, as the specific case here shows.

>> Bottom line - I'm seeking advice as to whether working around this problem
>> in the IOMMU code is desirable/necessary, or whether this is a design flaw
>> on the device's side that just cannot be tolerated with an IOMMU in the
>> picture (which would need good reasoning, so that a customer expecting
>> such a device to work regardless of IOMMU usage can understand that this
>> cannot reasonably be made work).
> 
> The issue is why the non-zero functions don't claim themselves during PCI bus 
> scan.

As said - I can't tell whether there is a secondary function in the
first place (and I didn't try to find out because it doesn't really
matter for the purpose of finding a solution/workaround).

>   From security point of view,  VT-d shouldn't allow transactions from 
> the unknown devices. 

That's inconsistent with what you say above: Either there is a way
to suppress IOMMU involvement in Dom0 operation (which is
inherently insecure), or there is not. If there is, there's no point in
claiming security for one aspect but not another.

I think it is obvious that I'm not suggesting to allow pass through of
such a device at this point (albeit even that would seem possible and,
from a customer's pov, desirable), and as long as users are aware of
the security implications when using the option under discussion here,
I don't see why that option shouldn't be made fully work. It should be
left to the admins of individual systems to decide between security
and functionality, we should provide them with ways to implement
their choice.

Otoh I'm unaware of a similar option for native Linux, yet it is
suffering the same problem on that system when DMA translation
gets turned on.

But the direction you give to the discussion doesn't lead us towards
a solution for the customer (or a profound explanation why none
is possible), so if we could please focus on that aspect again.

Jan

  reply	other threads:[~2012-11-13  9:41 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-05 14:30 iommu=dom0-passthrough behavior Jan Beulich
2012-11-13  0:11 ` Zhang, Yang Z
2012-11-13  8:07   ` Jan Beulich
2012-11-13  8:50     ` Zhang, Xiantao
2012-11-13  9:41       ` Jan Beulich [this message]
2012-11-13 11:13         ` Zhang, Yang Z
2012-11-13 11:24           ` Jan Beulich
2012-11-13 15:02             ` Zhang, Xiantao
2012-11-13 15:29               ` Jan Beulich
2012-11-14  0:37                 ` Zhang, Xiantao
2012-11-14 13:40                   ` Jan Beulich
2012-11-15  8:23                     ` Zhang, Xiantao
2012-11-15  9:05                       ` Jan Beulich
2012-11-16  6:21                         ` Zhang, Xiantao
2012-11-16  8:22                           ` Jan Beulich
2012-11-16  9:26                           ` Jan Beulich
2012-11-16  9:43                             ` Zhang, Xiantao
2012-11-16  9:53                               ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50A223DE02000078000A7FE6@nat28.tlf.novell.com \
    --to=jbeulich@suse.com \
    --cc=wei.huang2@amd.com \
    --cc=weiwang.dd@gmail.com \
    --cc=xen-devel@lists.xen.org \
    --cc=xiantao.zhang@intel.com \
    --cc=yang.z.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.