On Wed, Nov 14, 2018 at 12:33:46PM +0000, Andrew Cooper wrote: > On 14/11/2018 11:57, Roger Pau Monne wrote: > > AMD IOMMU devices are exposed on the PCI bus, and thus are assigned by > > default to the hardware domain. This can cause issues because the > > IOMMU devices are not behind an IOMMU, and conceptually it's also wrong > > to give the hardware domain ownership of those devices since they are > > in use by Xen. > > > > Fix this by assigning the PCI IOMMU devices to Xen. > > > > Signed-off-by: Roger Pau Monné <roger....@citrix.com> > > This is unfortunately a symptom of much more basic bug in Xen. > > Particularly on recent server parts, there are many PCI devices which > represent processor internals and aren't safe to give even to dom0. > > There should be a whitelist of devices we consider safe, not a blacklist > of those we know to be unsafe. > > Most of this can be class based, and perhaps we can default-allow all > devices which are slots in a root port, but I am -1 to this patch > because it is fixing a symptom, not the problem.
While the whitelisting sounds fine to me, I still think we need this patch anyway. If we look at the IOMMU specific case, the device class should be 8 (system peripheral) and subclass 6 (IOMMU), but it's quite likely there are IOMMU devices with class 8 and subclass 0x80 (generic peripheral). In the above case we know for sure the sbdf of the IOMMU devices, so I think it doesn't hurt to assign them to Xen straight away, regardless of whether we end up doing a whitelisting before assigning devices to the hardware domain. Thanks, Roger. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
