On 18/02/2019 16:21, Igor Druzhinin wrote:
> It's unsafe to disable the IOMMU on a live system, which is the case
> if we're crashing, since remapping hardware doesn't usually know what
> to do with ongoing bus transactions and frequently raises NMI/MCE/SMI,
> etc. (depends on the firmware configuration) to signal these abnormalities.
> This, in turn, doesn't play well with the kexec transition process, as there
> is no handling available at the moment for these kinds of events, resulting
> in failures to enter the kernel.
>
> Modern Linux kernels have been taught to copy all the necessary DMAR/IR
> tables following kexec from the previous kernel (Xen in our case) - so it's
> currently normal to keep the IOMMU enabled. It would only require existing
> users to change the crash kernel command line by enabling IOMMU drivers.
>
> An option is left for compatibility with ancient crash kernels which
> didn't like to have IOMMU active under their feet on boot.
>
> Signed-off-by: Igor Druzhinin <igor.druzhi...@citrix.com>

To provide a bit of extra background, it turns out that in hindsight,
turning off the IOMMU in a crash usually makes things worse rather than
better.

In particular, any guest with a PCI device which happens to allocate a
DMA buffer in GFN space which matches the crash region in MFN space will
end up corrupting the crash kernel when DMA remapping gets turned off.

Being able to boot with an IOMMU already active is becoming common, not
least because of the ongoing efforts to enforce pre-DXE DMA protection
to protect against cold-boot DMA rootkits.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
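
The corruption case described in the reply above, as a toy model. This is an added example, not code from the patch or from Xen: the page size, frame numbers, crash region bounds and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGES       16
#define PAGE_SZ     8      /* toy page size (constructed) */
#define CRASH_START 4      /* constructed: MFNs 4..7 hold the crash kernel */
#define CRASH_END   7

static uint8_t machine[PAGES][PAGE_SZ];  /* machine memory, indexed by MFN */
static int     gfn_to_mfn[PAGES];        /* guest DMA remapping, -1 = unmapped */
static bool    iommu_enabled;

/* Device DMA write to bus address gfn; returns the MFN written, -1 on fault. */
static int dma_write(int gfn, uint8_t val)
{
    /* With remapping off, the bus address is used as a machine address. */
    int mfn = iommu_enabled ? gfn_to_mfn[gfn] : gfn;
    if (mfn < 0)
        return -1;                       /* IOMMU fault: write is blocked */
    memset(machine[mfn], val, PAGE_SZ);
    return mfn;
}

static bool crash_region_intact(void)
{
    for (int m = CRASH_START; m <= CRASH_END; m++)
        for (int i = 0; i < PAGE_SZ; i++)
            if (machine[m][i] != 0xCC)
                return false;
    return true;
}

/* True if the crash image survives a DMA still in flight on the crash path. */
bool crash_survives(bool keep_iommu_on)
{
    memset(machine, 0, sizeof machine);
    for (int m = CRASH_START; m <= CRASH_END; m++)
        memset(machine[m], 0xCC, PAGE_SZ);   /* loaded crash kernel image */
    for (int g = 0; g < PAGES; g++)
        gfn_to_mfn[g] = -1;
    gfn_to_mfn[5] = 12;          /* guest DMA buffer: GFN 5 backed by MFN 12 */
    iommu_enabled = true;
    dma_write(5, 0xAA);          /* normal operation: lands in MFN 12 */
    iommu_enabled = keep_iommu_on;           /* crash path decision */
    dma_write(5, 0xBB);          /* device keeps running during kexec */
    return crash_region_intact();
}

int main(void)
{
    printf("IOMMU kept on:   crash image intact = %d\n", crash_survives(true));
    printf("IOMMU disabled:  crash image intact = %d\n", crash_survives(false));
    return 0;
}
```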
