From: "Jan Beulich"
Subject: Re: iommu=dom0-passthrough behavior
Date: Thu, 15 Nov 2012 09:05:33 +0000
Message-ID: <50A4BE6D02000078000A8B89@nat28.tlf.novell.com>
References: <5097DB9102000078000A65C7@nat28.tlf.novell.com>
 <50A20DE302000078000A7F6B@nat28.tlf.novell.com>
 <50A223DE02000078000A7FE6@nat28.tlf.novell.com>
 <50A23C0C02000078000A8085@nat28.tlf.novell.com>
 <50A2755402000078000A837D@nat28.tlf.novell.com>
 <50A3AD4E02000078000A87BD@nat28.tlf.novell.com>
To: Xiantao Zhang, Yang Z Zhang
Cc: "wei.huang2@amd.com", "weiwang.dd@gmail.com", xen-devel
List-Id: xen-devel@lists.xenproject.org

>>> On 15.11.12 at 09:23, "Zhang, Xiantao" wrote:
>
>> -----Original Message-----
>> From: Jan Beulich [mailto:JBeulich@suse.com]
>> Sent: Wednesday, November 14, 2012 9:40 PM
>> To: Zhang, Xiantao; Zhang, Yang Z
>> Cc: wei.huang2@amd.com; weiwang.dd@gmail.com; xen-devel
>> Subject: RE: [Xen-devel] iommu=dom0-passthrough behavior
>>
>> >>> On 14.11.12 at 01:37, "Zhang, Xiantao" wrote:
>> >> >> c) we could provide a command line option to allow fake devices to
>> >> >> be created
>> >> >
>> >> > Agree, this may be a feasible solution I can figure out, so far.
>> >> >
>> >> >> d) we could create context entries for all BDFs, whether or not a
>> >> >> device exists there
>> >> >
>> >> > As I said, this may bring a security issue. Even for the
>> >> > iommu-passthrough option, it is also not suggested to be used if
>> >> > security is considered.
>> >>
>> >> As said - it is clear that the basic thing here (using
>> >> "iommu=dom0-passthrough") is already weakening security. So security
>> >> isn't the concern in this discussion, that's left to whoever is
>> >> intending to use that option.
>> >
>> > Okay, I vote your option C if don't care security.
>>
>> Which, if I'm not mistaken, could be implemented entirely independent of
>> "iommu=dom0-passthrough". I'll see if that helps on the offending system.
>
> I mean this one:
>>>c) we could provide a command line option to allow fake devices to be created
>
> Yes, I don't think "iommu=dom0-passthrough" can meet your requirement.
> We had better add a cmd line option to pass the related information to
> hypervisor and VT-d can create
> the pass-through context entry for the undetectable device.

You misunderstood: What I was saying (and seeking confirmation) is that I
don't think the new command line option would need to have any connection
to the existing, non-suitable one. In particular, for it to take effect,
"iommu=dom0-passthrough" wouldn't need to be specified at all.

Jan