diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2010-01-26 07:51:20 +0000 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2010-01-26 07:51:20 +0000 |
commit | f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49 (patch) | |
tree | cb10928826a954ff3dcedfcc0f166c1ece4ecfff | |
parent | 224c24a3df88e20c0fa4685284506c0c45b6b401 (diff) | |
download | xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.gz xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.bz2 xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.zip |
VT-d: add "iommu=workaround_bios_bug" option
Add this option to workaround BIOS bugs. Currently it ignores DRHD
if "all" devices under its scope are not pci discoverable. This
workarounds a BIOS bug in some platforms to make VT-d work. But note
that this option doesn't guarantee security, because it might ignore
DRHD.
So there are 3 options which handle BIOS bugs differently:
iommu=1 (default): If detect non-existent device under a DRHD's
scope, or find incorrect RMRR setting (base_address > end_address),
disable VT-d completely in Xen with warning messages. This guarantees
security when VT-d enabled, or just disable VT-d to let Xen work
without VT-d.
iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be
enabled, it will crashes Xen. This is mainly for users who must need
VT-d.
iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make
VT-d still work. This might be insecure because there might be a
device not protected by any DRHD if the device is re-enabled by
malicious s/w. This is for users who want to use VT-d regardless of
security.
Signed-off-by: Weidong Han <weidong.han@intel.com>
-rw-r--r-- | xen/drivers/passthrough/iommu.c | 5 | ||||
-rw-r--r-- | xen/drivers/passthrough/vtd/dmar.c | 14 | ||||
-rw-r--r-- | xen/include/xen/iommu.h | 1 |
3 files changed, 15 insertions, 5 deletions
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 5c4a3d5e86..702d81afe9 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -30,6 +30,8 @@ static int iommu_populate_page_table(struct domain *d); * pv Enable IOMMU for PV domains * no-pv Disable IOMMU for PV domains (default) * force|required Don't boot unless IOMMU is enabled + * workaround_bios_bug Workaround some bios issue to still enable + VT-d, don't guarantee security * passthrough Enable VT-d DMA passthrough (no DMA * translation for Dom0) * no-snoop Disable VT-d Snoop Control @@ -40,6 +42,7 @@ custom_param("iommu", parse_iommu_param); int iommu_enabled = 1; int iommu_pv_enabled; int force_iommu; +int iommu_workaround_bios_bug; int iommu_passthrough; int iommu_snoop = 1; int iommu_qinval = 1; @@ -65,6 +68,8 @@ static void __init parse_iommu_param(char *s) iommu_pv_enabled = 0; else if ( !strcmp(s, "force") || !strcmp(s, "required") ) force_iommu = 1; + else if ( !strcmp(s, "workaround_bios_bug") ) + iommu_workaround_bios_bug = 1; else if ( !strcmp(s, "passthrough") ) iommu_passthrough = 1; else if ( !strcmp(s, "no-snoop") ) diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c index 604a2eb830..544d0115b8 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -421,17 +421,21 @@ acpi_parse_one_drhd(struct acpi_dmar_entry_header *header) if ( invalid_cnt ) { xfree(dmaru); - if ( invalid_cnt == dmaru->scope.devices_cnt ) + + if ( iommu_workaround_bios_bug && + invalid_cnt == dmaru->scope.devices_cnt ) { dprintk(XENLOG_WARNING VTDPREFIX, - " Ignore the DRHD due to all devices under " - "its scope are not PCI discoverable!\n"); + " Workaround BIOS bug: ignore the DRHD due to all " + "devices under its scope are not PCI discoverable!\n"); } else { dprintk(XENLOG_WARNING VTDPREFIX, - " The DRHD is invalid due to some devices under " - "its scope are not PCI discoverable!\n"); + " The DRHD is invalid due to there are devices under " + "its scope are not PCI discoverable! Pls try option " + "iommu=force or iommu=workaround_bios_bug if you " + "really want VT-d\n"); ret = -EINVAL; } } diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h index 064a96d006..6ff4ebc647 100644 --- a/xen/include/xen/iommu.h +++ b/xen/include/xen/iommu.h @@ -29,6 +29,7 @@ extern int iommu_enabled; extern int iommu_pv_enabled; extern int force_iommu; +extern int iommu_workaround_bios_bug; extern int iommu_passthrough; extern int iommu_snoop; extern int iommu_qinval; |