VT-d: add "iommu=workaround_bios_bug" option

Add this option to workaround BIOS bugs. Currently it ignores DRHD if "all" devices under its scope are not pci discoverable. This workarounds a BIOS bug in some platforms to make VT-d work. But note that this option doesn't guarantee security, because it might ignore DRHD. So there are 3 options which handle BIOS bugs differently: iommu=1 (default): If detect non-existent device under a DRHD's scope, or find incorrect RMRR setting (base_address > end_address), disable VT-d completely in Xen with warning messages. This guarantees security when VT-d enabled, or just disable VT-d to let Xen work without VT-d. iommu=force: it enforces to enable VT-d in Xen. If VT-d cannot be enabled, it will crashes Xen. This is mainly for users who must need VT-d. iommu=workaround_bogus_bios: it workarounds some BIOS bugs to make VT-d still work. This might be insecure because there might be a device not protected by any DRHD if the device is re-enabled by malicious s/w. This is for users who want to use VT-d regardless of security. Signed-off-by: Weidong Han <weidong.han@intel.com>
author: Keir Fraser <keir.fraser@citrix.com> 2010-01-26 07:51:20 +0000
committer: Keir Fraser <keir.fraser@citrix.com> 2010-01-26 07:51:20 +0000
commit: f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49 (patch)
tree: cb10928826a954ff3dcedfcc0f166c1ece4ecfff
parent: 224c24a3df88e20c0fa4685284506c0c45b6b401 (diff)
download: xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.gz
xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.bz2
xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.zip
3 files changed, 15 insertions, 5 deletions
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 5c4a3d5e86..702d81afe9 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -30,6 +30,8 @@ static int iommu_populate_page_table(struct domain *d);
  *   pv                         Enable IOMMU for PV domains
  *   no-pv                      Disable IOMMU for PV domains (default)
  *   force|required             Don't boot unless IOMMU is enabled
+ *   workaround_bios_bug        Workaround some bios issue to still enable
+                                VT-d, don't guarantee security
  *   passthrough                Enable VT-d DMA passthrough (no DMA
  *                              translation for Dom0)
  *   no-snoop                   Disable VT-d Snoop Control
@@ -40,6 +42,7 @@ custom_param("iommu", parse_iommu_param);
 int iommu_enabled = 1;
 int iommu_pv_enabled;
 int force_iommu;
+int iommu_workaround_bios_bug;
 int iommu_passthrough;
 int iommu_snoop = 1;
 int iommu_qinval = 1;
@@ -65,6 +68,8 @@ static void __init parse_iommu_param(char *s)
             iommu_pv_enabled = 0;
         else if ( !strcmp(s, "force") || !strcmp(s, "required") )
             force_iommu = 1;
+        else if ( !strcmp(s, "workaround_bios_bug") )
+            iommu_workaround_bios_bug = 1;
         else if ( !strcmp(s, "passthrough") )
             iommu_passthrough = 1;
         else if ( !strcmp(s, "no-snoop") )
diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 604a2eb830..544d0115b8 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -421,17 +421,21 @@ acpi_parse_one_drhd(struct acpi_dmar_entry_header *header)
         if ( invalid_cnt )
         {
             xfree(dmaru);
-            if ( invalid_cnt == dmaru->scope.devices_cnt )
+
+            if ( iommu_workaround_bios_bug &&
+                 invalid_cnt == dmaru->scope.devices_cnt )
             {
                 dprintk(XENLOG_WARNING VTDPREFIX,
-                    "  Ignore the DRHD due to all devices under "
-                    "its scope are not PCI discoverable!\n");
+                    "  Workaround BIOS bug: ignore the DRHD due to all "
+                    "devices under its scope are not PCI discoverable!\n");
             }
             else
             {
                 dprintk(XENLOG_WARNING VTDPREFIX,
-                    "  The DRHD is invalid due to some devices under "
-                    "its scope are not PCI discoverable!\n");
+                    "  The DRHD is invalid due to there are devices under "
+                    "its scope are not PCI discoverable! Pls try option "
+                    "iommu=force or iommu=workaround_bios_bug if you "
+                    "really want VT-d\n");
                 ret = -EINVAL;
             }
         }
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 064a96d006..6ff4ebc647 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -29,6 +29,7 @@
 extern int iommu_enabled;
 extern int iommu_pv_enabled;
 extern int force_iommu;
+extern int iommu_workaround_bios_bug;
 extern int iommu_passthrough;
 extern int iommu_snoop;
 extern int iommu_qinval;
author	Keir Fraser <keir.fraser@citrix.com>	2010-01-26 07:51:20 +0000
committer	Keir Fraser <keir.fraser@citrix.com>	2010-01-26 07:51:20 +0000
commit	f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49 (patch)
tree	cb10928826a954ff3dcedfcc0f166c1ece4ecfff
parent	224c24a3df88e20c0fa4685284506c0c45b6b401 (diff)
download	xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.gz xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.tar.bz2 xen-f30a5d2eceb2fa3d6145e7527cae7ff34cb70e49.zip