[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181112195121.GC5367@araj-mobl1.jf.intel.com>
Date: Mon, 12 Nov 2018 11:51:21 -0800
From: "Raj, Ashok" <ashok.raj@...el.com>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: Mika Westerberg <mika.westerberg@...ux.intel.com>,
iommu@...ts.linux-foundation.org, Mario.Limonciello@...l.com,
Michael Jamet <michael.jamet@...el.com>,
Christian Kellner <ckellner@...hat.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
Yehezkel Bernat <YehezkelShB@...il.com>,
Anthony Wong <anthony.wong@...onical.com>,
Andreas Noever <andreas.noever@...il.com>,
Lukas Wunner <lukas@...ner.de>,
Jacob jun Pan <jacob.jun.pan@...el.com>,
linux-pci@...r.kernel.org, Bjorn Helgaas <bhelgaas@...gle.com>,
linux-acpi@...r.kernel.org, David Woodhouse <dwmw2@...radead.org>,
linux-kernel@...r.kernel.org, Ashok Raj <ashok.raj@...el.com>
Subject: Re: [PATCH 2/4] iommu/vt-d: Force IOMMU on for platform opt in hint
On Mon, Nov 12, 2018 at 11:09:00AM -0700, Alex Williamson wrote:
> On Mon, 12 Nov 2018 19:06:26 +0300
> Mika Westerberg <mika.westerberg@...ux.intel.com> wrote:
>
> > From: Lu Baolu <baolu.lu@...ux.intel.com>
> >
> > Intel VT-d spec added a new DMA_CTRL_PLATFORM_OPT_IN_FLAG flag
> > in DMAR ACPI table for BIOS to report compliance about platform
> > initiated DMA restricted to RMRR ranges when transferring control
> > to the OS. The OS treats this as a hint that the IOMMU should be
> > enabled to prevent DMA attacks from possible malicious devices.
>
> Does this in any way suggest that there are additional recommended uses
> cases from Intel for RMRRs? My concern here is the incompatibility we
> have with RMRRs and device assignment as we currently cannot assign
> devices where the IOVA address space is encumbered by RMRR
> requirements. Unfortunately RMRRs do not indicate any sort or
> lifespan, so firmware enabling an RMRR simply to support some boot-time
> DMA encumbers the device with that RMRR for the life of that boot,
> unless we have VT-d code that decides it knows better. Thanks,
IMO any new platform that requires RMRR should be a bug. It was designed
originally for some legacy keyboard emulation etc.
The best behavior is to continue to not allow devices with RMRR be direct assigned.
Technically ignoring RMRR's and continuing to assign those devices is risky.
The problem is IF BIOS/SMM initiates some IO in the RMRR range and it happens to be
mapped by the direct assigned GPA its going to be ugly failure.
Powered by blists - more mailing lists