debuggers.hg

changeset 20896:9ec971345d9f

VT-d: add "iommu=workaround_bios_bug" option

Add this option to workaround BIOS bugs. Currently it ignores DRHD
if "all" devices under its scope are not pci discoverable. This
workarounds a BIOS bug in some platforms to make VT-d work. But note
that this option doesn't guarantee security, because it might ignore
DRHD.

So there are 3 options which handle BIOS bugs differently:
iommu=1 (default): If detect non-existent device under a DRHD's
scope, or find incorrect RMRR setting (base_address > end_address),
disable VT-d completely in Xen with warning messages. This guarantees
security when VT-d enabled, or just disable VT-d to let Xen work
without VT-d.
iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be
enabled, it will crashes Xen. This is mainly for users who must need
VT-d.
iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make
VT-d still work. This might be insecure because there might be a
device not protected by any DRHD if the device is re-enabled by
malicious s/w. This is for users who want to use VT-d regardless of
security.

Signed-off-by: Weidong Han <weidong.han@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Jan 26 07:51:20 2010 +0000 (2010-01-26)
parents 23a2ae169779
children e5e4573bcaba
files xen/drivers/passthrough/iommu.c xen/drivers/passthrough/vtd/dmar.c xen/include/xen/iommu.h
line diff
     1.1 --- a/xen/drivers/passthrough/iommu.c	Tue Jan 26 07:50:04 2010 +0000
     1.2 +++ b/xen/drivers/passthrough/iommu.c	Tue Jan 26 07:51:20 2010 +0000
     1.3 @@ -30,6 +30,8 @@ static int iommu_populate_page_table(str
     1.4   *   pv                         Enable IOMMU for PV domains
     1.5   *   no-pv                      Disable IOMMU for PV domains (default)
     1.6   *   force|required             Don't boot unless IOMMU is enabled
     1.7 + *   workaround_bios_bug        Workaround some bios issue to still enable
     1.8 +                                VT-d, don't guarantee security
     1.9   *   passthrough                Enable VT-d DMA passthrough (no DMA
    1.10   *                              translation for Dom0)
    1.11   *   no-snoop                   Disable VT-d Snoop Control
    1.12 @@ -40,6 +42,7 @@ custom_param("iommu", parse_iommu_param)
    1.13  int iommu_enabled = 1;
    1.14  int iommu_pv_enabled;
    1.15  int force_iommu;
    1.16 +int iommu_workaround_bios_bug;
    1.17  int iommu_passthrough;
    1.18  int iommu_snoop = 1;
    1.19  int iommu_qinval = 1;
    1.20 @@ -65,6 +68,8 @@ static void __init parse_iommu_param(cha
    1.21              iommu_pv_enabled = 0;
    1.22          else if ( !strcmp(s, "force") || !strcmp(s, "required") )
    1.23              force_iommu = 1;
    1.24 +        else if ( !strcmp(s, "workaround_bios_bug") )
    1.25 +            iommu_workaround_bios_bug = 1;
    1.26          else if ( !strcmp(s, "passthrough") )
    1.27              iommu_passthrough = 1;
    1.28          else if ( !strcmp(s, "no-snoop") )
     2.1 --- a/xen/drivers/passthrough/vtd/dmar.c	Tue Jan 26 07:50:04 2010 +0000
     2.2 +++ b/xen/drivers/passthrough/vtd/dmar.c	Tue Jan 26 07:51:20 2010 +0000
     2.3 @@ -421,17 +421,21 @@ acpi_parse_one_drhd(struct acpi_dmar_ent
     2.4          if ( invalid_cnt )
     2.5          {
     2.6              xfree(dmaru);
     2.7 -            if ( invalid_cnt == dmaru->scope.devices_cnt )
     2.8 +
     2.9 +            if ( iommu_workaround_bios_bug &&
    2.10 +                 invalid_cnt == dmaru->scope.devices_cnt )
    2.11              {
    2.12                  dprintk(XENLOG_WARNING VTDPREFIX,
    2.13 -                    "  Ignore the DRHD due to all devices under "
    2.14 -                    "its scope are not PCI discoverable!\n");
    2.15 +                    "  Workaround BIOS bug: ignore the DRHD due to all "
    2.16 +                    "devices under its scope are not PCI discoverable!\n");
    2.17              }
    2.18              else
    2.19              {
    2.20                  dprintk(XENLOG_WARNING VTDPREFIX,
    2.21 -                    "  The DRHD is invalid due to some devices under "
    2.22 -                    "its scope are not PCI discoverable!\n");
    2.23 +                    "  The DRHD is invalid due to there are devices under "
    2.24 +                    "its scope are not PCI discoverable! Pls try option "
    2.25 +                    "iommu=force or iommu=workaround_bios_bug if you "
    2.26 +                    "really want VT-d\n");
    2.27                  ret = -EINVAL;
    2.28              }
    2.29          }
     3.1 --- a/xen/include/xen/iommu.h	Tue Jan 26 07:50:04 2010 +0000
     3.2 +++ b/xen/include/xen/iommu.h	Tue Jan 26 07:51:20 2010 +0000
     3.3 @@ -29,6 +29,7 @@
     3.4  extern int iommu_enabled;
     3.5  extern int iommu_pv_enabled;
     3.6  extern int force_iommu;
     3.7 +extern int iommu_workaround_bios_bug;
     3.8  extern int iommu_passthrough;
     3.9  extern int iommu_snoop;
    3.10  extern int iommu_qinval;