RE: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-30 Thread Paul Durrant
> -Original Message- > From: Jan Beulich > Sent: 30 November 2020 11:59 > To: p...@xen.org > Cc: 'Andrew Cooper' ; 'Kevin Tian' > ; xen- > de...@lists.xenproject.org > Subject: Re: [PATCH v4] IOMMU: make DMA containment of quarantined device

Re: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-30 Thread Jan Beulich
On 30.11.2020 11:45, Paul Durrant wrote: >> From: Jan Beulich >> Sent: 27 November 2020 16:46 >> >> --- a/docs/misc/xen-command-line.pandoc >> +++ b/docs/misc/xen-command-line.pandoc >> @@ -1278,7 +1278,7 @@ detection of systems known to misbehave >> > Default: `new` unless directed-EOI is suppor

RE: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-30 Thread Paul Durrant
> -Original Message- > From: Jan Beulich > Sent: 27 November 2020 16:46 > To: xen-devel@lists.xenproject.org > Cc: Andrew Cooper ; Paul Durrant ; > Kevin Tian > > Subject: [PATCH v4] IOMMU: make DMA containment of quarantined devices > optional > > C

Re: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-30 Thread Jan Beulich
On 30.11.2020 09:05, Tian, Kevin wrote: >> From: Jan Beulich >> Sent: Monday, November 30, 2020 3:35 PM >> >> On 30.11.2020 07:13, Tian, Kevin wrote: From: Jan Beulich Sent: Saturday, November 28, 2020 12:46 AM @@ -1316,11 +1316,32 @@ boolean (e.g. `iommu=no`) can override t >

RE: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-30 Thread Tian, Kevin
> From: Jan Beulich > Sent: Monday, November 30, 2020 3:35 PM > > On 30.11.2020 07:13, Tian, Kevin wrote: > >> From: Jan Beulich > >> Sent: Saturday, November 28, 2020 12:46 AM > >> > >> @@ -1316,11 +1316,32 @@ boolean (e.g. `iommu=no`) can override t > >> will prevent Xen from booting if I

Re: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-29 Thread Jan Beulich
On 30.11.2020 07:13, Tian, Kevin wrote: >> From: Jan Beulich >> Sent: Saturday, November 28, 2020 12:46 AM >> >> @@ -1316,11 +1316,32 @@ boolean (e.g. `iommu=no`) can override t >> will prevent Xen from booting if IOMMUs aren't discovered and enabled >> successfully. >> >> -* The `quar

RE: [PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-29 Thread Tian, Kevin
> From: Jan Beulich > Sent: Saturday, November 28, 2020 12:46 AM > > Containing still in flight DMA was introduced to work around certain > devices / systems hanging hard upon hitting a "not-present" IOMMU fault. > Passing through (such) devices (on such systems) is inherently insecure > (as gues

[PATCH v4] IOMMU: make DMA containment of quarantined devices optional

2020-11-27 Thread Jan Beulich
Containing still in flight DMA was introduced to work around certain devices / systems hanging hard upon hitting a "not-present" IOMMU fault. Passing through (such) devices (on such systems) is inherently insecure (as guests could easily arrange for IOMMU faults of any kind to occur). Defaulting to