On 19/02/2019 07:43, Jan Beulich wrote: > >>> An option is left for compatibility with ancient crash kernels which >>> didn't like to have IOMMU active under their feet on boot. >>> >>> Signed-off-by: Igor Druzhinin <igor.druzhi...@citrix.com> >> To provide a bit of extra background, it turns out that in hindsight, >> turning off the IOMMU in a crash usually makes things worse rather than >> better. > For an unknown definition of "usually". Corrupted (IOMMU) page > tables are not really an impossible crash reason.
And? Why is this relevant in context? > >> In particular, any guest with a PCI device which happens to allocate a >> DMA buffer in GFN space which matches the crash region in MFN space will >> end up corrupting the crash kernel when DMA remapping gets turned off. > Indeed, but that's only PVH Dom0 (unsupported as of yet) or PV > Dom0 using PV IOMMU functionality (not even in tree as of yet). It is every single HVM guest with a PCI device. The kexec/crash path is very broken already in Xen as soon as any kind of PCI Passthrough is in use. >> Being able to boot with an IOMMU already active is becoming common, not >> least because of the ongoing efforts to enforce pre-DXE DMA protection >> to protect against cold-boot DMA rootkits. > What about the interrupt remapping part of the IOMMU functionality? What about it? It is a necessary part of protection against rogue devices. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
