diff options
| author | Andrew Cooper <andrew.cooper3@citrix.com> | 2011-07-08 08:57:11 +0100 |
|---|---|---|
| committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2011-07-08 08:57:11 +0100 |
| commit | c2523e973bf4ba8433df9d2186194a1230cf7c3a (patch) | |
| tree | 3aa0dc4186bd524da66f44d74e01fa36bb237b61 | |
| parent | dfe164f643a2d9fa712658f55295b17c7979bfec (diff) | |
| download | xen-c2523e973bf4ba8433df9d2186194a1230cf7c3a.tar.gz xen-c2523e973bf4ba8433df9d2186194a1230cf7c3a.tar.bz2 xen-c2523e973bf4ba8433df9d2186194a1230cf7c3a.zip | |
KEXEC: disconnect all PCI devices from the PCI bus on crash
In the case of a crash, IOMMU DMA remapping gets turned off so that
the kdump kernel may boot. However, this is warned as being dangerous
in the VTD specification if a DMA transaction is in progress.
Also, in the case of a crash, DMA transactions and interrupts from
peripheral devices such as network cards are likely to keep coming in.
Without DMA remapping enabled, the transactions will be writing over
low memory, corrupting the crash state, and perhaps even the kdump
reserved memory.
Therefore, on the crash path, we can disconnect all PCI devices from
their respective buses so that they are no longer able to be DMA
busmasters. This reduces the risk of DMA transactions corrupting
state (and will also reduce spurious interrupts arriving to the kdump
kernel) until the kdump kernel and properly reset the PCI devices.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen-unstable changeset: 23666:b96f8bdcaa15
xen-unstable date: Fri Jul 08 08:38:35 2011 +0100
| -rw-r--r-- | xen/arch/x86/crash.c | 3 | ||||
| -rw-r--r-- | xen/drivers/passthrough/pci.c | 19 | ||||
| -rw-r--r-- | xen/include/xen/pci.h | 2 |
3 files changed, 24 insertions, 0 deletions
diff --git a/xen/arch/x86/crash.c b/xen/arch/x86/crash.c index ab18abb4d1..392c8d2395 100644 --- a/xen/arch/x86/crash.c +++ b/xen/arch/x86/crash.c @@ -28,6 +28,7 @@ #include <asm/apic.h> #include <asm/io_apic.h> #include <xen/iommu.h> +#include <xen/pci.h> static atomic_t waiting_for_crash_ipi; static unsigned int crashing_cpu; @@ -78,6 +79,8 @@ static void nmi_shootdown_cpus(void) msecs--; } + disconnect_pci_devices(); + /* Crash shutdown any IOMMU functionality as the crashdump kernel is not * happy when booting if interrupt/dma remapping is still enabled */ iommu_crash_shutdown(); diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c index 94312c788d..7da4a93986 100644 --- a/xen/drivers/passthrough/pci.c +++ b/xen/drivers/passthrough/pci.c @@ -462,6 +462,25 @@ int __init scan_pci_devices(void) return 0; } +/* Disconnect all PCI devices from the PCI buses. From the PCI spec: + * "When a 0 is written to [the COMMAND] register, the device is + * logically disconnected from the PCI bus for all accesses except + * configuration accesses. All devices are required to support + * this base level of functionality." + */ +void disconnect_pci_devices(void) +{ + struct pci_dev *pdev; + + spin_lock(&pcidevs_lock); + + list_for_each_entry ( pdev, &alldevs_list, alldevs_list ) + pci_conf_write16(pdev->bus, PCI_SLOT(pdev->devfn), + PCI_FUNC(pdev->devfn), PCI_COMMAND, 0); + + spin_unlock(&pcidevs_lock); +} + #ifdef SUPPORT_MSI_REMAPPING static void dump_pci_devices(unsigned char ch) { diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h index 40c9847335..67dea10e59 100644 --- a/xen/include/xen/pci.h +++ b/xen/include/xen/pci.h @@ -92,6 +92,8 @@ int pci_add_device_ext(u8 bus, u8 devfn, struct pci_dev_info *info); struct pci_dev *pci_get_pdev(int bus, int devfn); struct pci_dev *pci_get_pdev_by_domain(struct domain *d, int bus, int devfn); +void disconnect_pci_devices(void); + uint8_t pci_conf_read8( unsigned int bus, unsigned int dev, unsigned int func, unsigned int reg); uint16_t pci_conf_read16( |