Ross Philipson
2009-Feb-23 20:00 UTC
[Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
This adds a boolean boot parameter to xen to allow reserved memory regions to be added to the iommu mappings for dom0. The parameter is "iommu_include_reserved" and is off by default. A warning is also traced when incorrect RMRR to system memory map values are detected. This is being added to address some incorrect BIOS''s that do not report correctly the requied reserved memory ranges in the RMRRs. When this occurs it currently can cause early boot hangs and crashes. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Based on changeset 19238 Thanks Ross Ross Philipson Senior Software Engineer Citrix Systems, Inc 14 Crosby Drive Bedford, MA 01730 781-301-7949 ross.philipson@citrix.com<mailto:ross.philipson@citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Cui, Dexuan
2009-Feb-26 09:20 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
The patch is useful when BIOS doesn’t report RMRR correctly; however the patch may not help in some situations. E.g., to work around a buggy BIOS, we may have to map such an E820 entry (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). But if we use a xen parameter "mem=512m", or, if the host only has 512m memory, the variable 'max_page" is 512m/PAGE_SIZE, so even with the patch, the E820 entry would not be mapped, and Xen would still hang. -- Dexuan ________________________________________ From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson Sent: 2009年2月24日 4:01 To: xen-devel@lists.xensource.com Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings This adds a boolean boot parameter to xen to allow reserved memory regions to be added to the iommu mappings for dom0. The parameter is "iommu_include_reserved" and is off by default. A warning is also traced when incorrect RMRR to system memory map values are detected. This is being added to address some incorrect BIOS's that do not report correctly the requied reserved memory ranges in the RMRRs. When this occurs it currently can cause early boot hangs and crashes. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Based on changeset 19238 Thanks Ross Ross Philipson Senior Software Engineer Citrix Systems, Inc 14 Crosby Drive Bedford, MA 01730 781-301-7949 ross.philipson@citrix.com _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Ross Philipson
2009-Feb-26 14:05 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
Agreed. Bear in mind it is a workaround just for some cases we have seen. But yes if there are reserved ranges beyond the highest E820_RAM type in the memory map then they would still be excluded. The workaround could be extended to add these but I guess where does the working around end. For example I got an email yesterday from someone who has a really broken BIOS where the RMRR end addresses are higher than the start addresses. The patch can''t help here either. Thanks Ross -----Original Message----- From: Cui, Dexuan [mailto:dexuan.cui@intel.com] Sent: Thursday, February 26, 2009 4:20 AM To: Ross Philipson; xen-devel@lists.xensource.com Subject: RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings The patch is useful when BIOS doesn’t report RMRR correctly; however the patch may not help in some situations. E.g., to work around a buggy BIOS, we may have to map such an E820 entry (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). But if we use a xen parameter "mem=512m", or, if the host only has 512m memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, the E820 entry would not be mapped, and Xen would still hang. -- Dexuan ________________________________________ From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson Sent: 2009年2月24日 4:01 To: xen-devel@lists.xensource.com Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings This adds a boolean boot parameter to xen to allow reserved memory regions to be added to the iommu mappings for dom0. The parameter is "iommu_include_reserved" and is off by default. A warning is also traced when incorrect RMRR to system memory map values are detected. This is being added to address some incorrect BIOS''s that do not report correctly the requied reserved memory ranges in the RMRRs. When this occurs it currently can cause early boot hangs and crashes. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Based on changeset 19238 Thanks Ross Ross Philipson Senior Software Engineer Citrix Systems, Inc 14 Crosby Drive Bedford, MA 01730 781-301-7949 ross.philipson@citrix.com _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2009-Feb-26 15:30 UTC
Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
I''m not keen on Ross''s patch anyway. I think if you have such a broken system, the cmdline option should simply identity-map everything below 4GB, unconditionally. Easy. -- Keir On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:> The patch is useful when BIOS doesn’t report RMRR correctly; however the patch > may not help in some situations. > E.g., to work around a buggy BIOS, we may have to map such an E820 entry > (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). > But if we use a xen parameter "mem=512m", or, if the host only has 512m > memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, the > E820 entry would not be mapped, and Xen would still hang. > > -- Dexuan > > ________________________________________ > From: xen-devel-bounces@lists.xensource.com > [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson > Sent: 2009年2月24日 4:01 > To: xen-devel@lists.xensource.com > Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu > mappings > > This adds a boolean boot parameter to xen to allow reserved memory > regions to be added to the iommu mappings for dom0. The parameter > is "iommu_include_reserved" and is off by default. A warning is > also traced when incorrect RMRR to system memory map values are > detected. This is being added to address some incorrect BIOS''s that > do not report correctly the requied reserved memory ranges in > the RMRRs. When this occurs it currently can cause early boot hangs > and crashes. > > Signed-off-by: Ross Philipson <ross.philipson@citrix.com> > > Based on changeset 19238 > > Thanks > Ross > > > Ross Philipson > Senior Software Engineer > Citrix Systems, Inc > 14 Crosby Drive > Bedford, MA 01730 > 781-301-7949 > ross.philipson@citrix.com >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Ross Philipson
2009-Feb-26 15:38 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
There are some regions that I think would really need to be excluded that are related to TXT and tboot too though. The current tboot code puts these in the e820 as unusable as apposed to reserved. What if we mapped in all 4GB with the exception of unusable ranges and where xen is? Thanks Ross -----Original Message----- From: Keir Fraser Sent: Thursday, February 26, 2009 10:30 AM To: Cui, Dexuan; Ross Philipson; xen-devel@lists.xensource.com Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings I''m not keen on Ross''s patch anyway. I think if you have such a broken system, the cmdline option should simply identity-map everything below 4GB, unconditionally. Easy. -- Keir On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:> The patch is useful when BIOS doesn’t report RMRR correctly; however the patch > may not help in some situations. > E.g., to work around a buggy BIOS, we may have to map such an E820 entry > (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). > But if we use a xen parameter "mem=512m", or, if the host only has 512m > memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, the > E820 entry would not be mapped, and Xen would still hang. > > -- Dexuan > > ________________________________________ > From: xen-devel-bounces@lists.xensource.com > [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson > Sent: 2009年2月24日 4:01 > To: xen-devel@lists.xensource.com > Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu > mappings > > This adds a boolean boot parameter to xen to allow reserved memory > regions to be added to the iommu mappings for dom0. The parameter > is "iommu_include_reserved" and is off by default. A warning is > also traced when incorrect RMRR to system memory map values are > detected. This is being added to address some incorrect BIOS''s that > do not report correctly the requied reserved memory ranges in > the RMRRs. When this occurs it currently can cause early boot hangs > and crashes. > > Signed-off-by: Ross Philipson <ross.philipson@citrix.com> > > Based on changeset 19238 > > Thanks > Ross > > > Ross Philipson > Senior Software Engineer > Citrix Systems, Inc > 14 Crosby Drive > Bedford, MA 01730 > 781-301-7949 > ross.philipson@citrix.com >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2009-Feb-26 16:11 UTC
Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
Yes, blacklist rather than whitelist, below 4G. Sounds good. -- Keir On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@citrix.com> wrote:> There are some regions that I think would really need to be excluded that are > related to TXT and tboot too though. The current tboot code puts these in the > e820 as unusable as apposed to reserved. What if we mapped in all 4GB with the > exception of unusable ranges and where xen is? > > Thanks > Ross > > -----Original Message----- > From: Keir Fraser > Sent: Thursday, February 26, 2009 10:30 AM > To: Cui, Dexuan; Ross Philipson; xen-devel@lists.xensource.com > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 > iommu mappings > > I''m not keen on Ross''s patch anyway. I think if you have such a broken > system, the cmdline option should simply identity-map everything below 4GB, > unconditionally. Easy. > > -- Keir > > On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote: > >> The patch is useful when BIOS doesn’t report RMRR correctly; however the >> patch >> may not help in some situations. >> E.g., to work around a buggy BIOS, we may have to map such an E820 entry >> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). >> But if we use a xen parameter "mem=512m", or, if the host only has 512m >> memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, >> the >> E820 entry would not be mapped, and Xen would still hang. >> >> -- Dexuan >> >> ________________________________________ >> From: xen-devel-bounces@lists.xensource.com >> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson >> Sent: 2009年2月24日 4:01 >> To: xen-devel@lists.xensource.com >> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu >> mappings >> >> This adds a boolean boot parameter to xen to allow reserved memory >> regions to be added to the iommu mappings for dom0. The parameter >> is "iommu_include_reserved" and is off by default. A warning is >> also traced when incorrect RMRR to system memory map values are >> detected. This is being added to address some incorrect BIOS''s that >> do not report correctly the requied reserved memory ranges in >> the RMRRs. When this occurs it currently can cause early boot hangs >> and crashes. >> >> Signed-off-by: Ross Philipson <ross.philipson@citrix.com> >> >> Based on changeset 19238 >> >> Thanks >> Ross >> >> >> Ross Philipson >> Senior Software Engineer >> Citrix Systems, Inc >> 14 Crosby Drive >> Bedford, MA 01730 >> 781-301-7949 >> ross.philipson@citrix.com >> > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Ross Philipson
2009-Feb-26 16:15 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
I will put together something like this then and resubmit. I would like Joe Cihula at Intel to comment and make sure I am not missing something that will impact tboot security. Thanks Ross -----Original Message----- From: Keir Fraser Sent: Thursday, February 26, 2009 11:12 AM To: Ross Philipson; Cui, Dexuan; xen-devel@lists.xensource.com Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings Yes, blacklist rather than whitelist, below 4G. Sounds good. -- Keir On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@citrix.com> wrote:> There are some regions that I think would really need to be excluded that are > related to TXT and tboot too though. The current tboot code puts these in the > e820 as unusable as apposed to reserved. What if we mapped in all 4GB with the > exception of unusable ranges and where xen is? > > Thanks > Ross > > -----Original Message----- > From: Keir Fraser > Sent: Thursday, February 26, 2009 10:30 AM > To: Cui, Dexuan; Ross Philipson; xen-devel@lists.xensource.com > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 > iommu mappings > > I''m not keen on Ross''s patch anyway. I think if you have such a broken > system, the cmdline option should simply identity-map everything below 4GB, > unconditionally. Easy. > > -- Keir > > On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote: > >> The patch is useful when BIOS doesn’t report RMRR correctly; however the >> patch >> may not help in some situations. >> E.g., to work around a buggy BIOS, we may have to map such an E820 entry >> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). >> But if we use a xen parameter "mem=512m", or, if the host only has 512m >> memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, >> the >> E820 entry would not be mapped, and Xen would still hang. >> >> -- Dexuan >> >> ________________________________________ >> From: xen-devel-bounces@lists.xensource.com >> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson >> Sent: 2009年2月24日 4:01 >> To: xen-devel@lists.xensource.com >> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu >> mappings >> >> This adds a boolean boot parameter to xen to allow reserved memory >> regions to be added to the iommu mappings for dom0. The parameter >> is "iommu_include_reserved" and is off by default. A warning is >> also traced when incorrect RMRR to system memory map values are >> detected. This is being added to address some incorrect BIOS''s that >> do not report correctly the requied reserved memory ranges in >> the RMRRs. When this occurs it currently can cause early boot hangs >> and crashes. >> >> Signed-off-by: Ross Philipson <ross.philipson@citrix.com> >> >> Based on changeset 19238 >> >> Thanks >> Ross >> >> >> Ross Philipson >> Senior Software Engineer >> Citrix Systems, Inc >> 14 Crosby Drive >> Bedford, MA 01730 >> 781-301-7949 >> ross.philipson@citrix.com >> > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Cihula, Joseph
2009-Feb-26 17:34 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On > Behalf Of Ross Philipson > > I will put together something like this then and resubmit. I would like Joe Cihula at Intel to > comment and make sure I am not missing something that will impact tboot security. > > Thanks > RossI don''t see a better way to solve this problem, so I''m OK with this as long as the Xen checks are left in. It will mostly be the same as Ross''s patch but including a larger memory region and also the ACPI and NV memory types. As long as E820_UNUSABLE is still excluded, that will cover tboot''s memory. Joe> > -----Original Message----- > From: Keir Fraser > Sent: Thursday, February 26, 2009 11:12 AM > To: Ross Philipson; Cui, Dexuan; xen-devel@lists.xensource.com > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings > > Yes, blacklist rather than whitelist, below 4G. Sounds good. > > -- Keir > > On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@citrix.com> wrote: > > > There are some regions that I think would really need to be excluded that are > > related to TXT and tboot too though. The current tboot code puts these in the > > e820 as unusable as apposed to reserved. What if we mapped in all 4GB with the > > exception of unusable ranges and where xen is? > > > > Thanks > > Ross > > > > -----Original Message----- > > From: Keir Fraser > > Sent: Thursday, February 26, 2009 10:30 AM > > To: Cui, Dexuan; Ross Philipson; xen-devel@lists.xensource.com > > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 > > iommu mappings > > > > I''m not keen on Ross''s patch anyway. I think if you have such a broken > > system, the cmdline option should simply identity-map everything below 4GB, > > unconditionally. Easy. > > > > -- Keir > > > > On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote: > > > >> The patch is useful when BIOS doesn’t report RMRR correctly; however the > >> patch > >> may not help in some situations. > >> E.g., to work around a buggy BIOS, we may have to map such an E820 entry > >> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). > >> But if we use a xen parameter "mem=512m", or, if the host only has 512m > >> memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, > >> the > >> E820 entry would not be mapped, and Xen would still hang. > >> > >> -- Dexuan > >> > >> ________________________________________ > >> From: xen-devel-bounces@lists.xensource.com > >> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson > >> Sent: 2009年2月24日 4:01 > >> To: xen-devel@lists.xensource.com > >> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu > >> mappings > >> > >> This adds a boolean boot parameter to xen to allow reserved memory > >> regions to be added to the iommu mappings for dom0. The parameter > >> is "iommu_include_reserved" and is off by default. A warning is > >> also traced when incorrect RMRR to system memory map values are > >> detected. This is being added to address some incorrect BIOS''s that > >> do not report correctly the requied reserved memory ranges in > >> the RMRRs. When this occurs it currently can cause early boot hangs > >> and crashes. > >> > >> Signed-off-by: Ross Philipson <ross.philipson@citrix.com> > >> > >> Based on changeset 19238 > >> > >> Thanks > >> Ross > >> > >> > >> Ross Philipson > >> Senior Software Engineer > >> Citrix Systems, Inc > >> 14 Crosby Drive > >> Bedford, MA 01730 > >> 781-301-7949 > >> ross.philipson@citrix.com > >> > > > > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Ross Philipson
2009-Feb-26 18:11 UTC
RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings
OK, I will remake the patch to include all memory under 4GB excluding xen and memory marked as unusable in sys memory map. I will make a new param to enable this - it will be off by default. Thaks Ross -----Original Message----- From: Cihula, Joseph [mailto:joseph.cihula@intel.com] Sent: Thursday, February 26, 2009 12:34 PM To: Ross Philipson; Keir Fraser; Cui, Dexuan; xen-devel@lists.xensource.com Subject: RE: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On > Behalf Of Ross Philipson > > I will put together something like this then and resubmit. I would like Joe Cihula at Intel to > comment and make sure I am not missing something that will impact tboot security. > > Thanks > RossI don''t see a better way to solve this problem, so I''m OK with this as long as the Xen checks are left in. It will mostly be the same as Ross''s patch but including a larger memory region and also the ACPI and NV memory types. As long as E820_UNUSABLE is still excluded, that will cover tboot''s memory. Joe> > -----Original Message----- > From: Keir Fraser > Sent: Thursday, February 26, 2009 11:12 AM > To: Ross Philipson; Cui, Dexuan; xen-devel@lists.xensource.com > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu mappings > > Yes, blacklist rather than whitelist, below 4G. Sounds good. > > -- Keir > > On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@citrix.com> wrote: > > > There are some regions that I think would really need to be excluded that are > > related to TXT and tboot too though. The current tboot code puts these in the > > e820 as unusable as apposed to reserved. What if we mapped in all 4GB with the > > exception of unusable ranges and where xen is? > > > > Thanks > > Ross > > > > -----Original Message----- > > From: Keir Fraser > > Sent: Thursday, February 26, 2009 10:30 AM > > To: Cui, Dexuan; Ross Philipson; xen-devel@lists.xensource.com > > Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 > > iommu mappings > > > > I''m not keen on Ross''s patch anyway. I think if you have such a broken > > system, the cmdline option should simply identity-map everything below 4GB, > > unconditionally. Easy. > > > > -- Keir > > > > On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@intel.com> wrote: > > > >> The patch is useful when BIOS doesn’t report RMRR correctly; however the > >> patch > >> may not help in some situations. > >> E.g., to work around a buggy BIOS, we may have to map such an E820 entry > >> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved). > >> But if we use a xen parameter "mem=512m", or, if the host only has 512m > >> memory, the variable ''max_page" is 512m/PAGE_SIZE, so even with the patch, > >> the > >> E820 entry would not be mapped, and Xen would still hang. > >> > >> -- Dexuan > >> > >> ________________________________________ > >> From: xen-devel-bounces@lists.xensource.com > >> [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Ross Philipson > >> Sent: 2009年2月24日 4:01 > >> To: xen-devel@lists.xensource.com > >> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu > >> mappings > >> > >> This adds a boolean boot parameter to xen to allow reserved memory > >> regions to be added to the iommu mappings for dom0. The parameter > >> is "iommu_include_reserved" and is off by default. A warning is > >> also traced when incorrect RMRR to system memory map values are > >> detected. This is being added to address some incorrect BIOS''s that > >> do not report correctly the requied reserved memory ranges in > >> the RMRRs. When this occurs it currently can cause early boot hangs > >> and crashes. > >> > >> Signed-off-by: Ross Philipson <ross.philipson@citrix.com> > >> > >> Based on changeset 19238 > >> > >> Thanks > >> Ross > >> > >> > >> Ross Philipson > >> Senior Software Engineer > >> Citrix Systems, Inc > >> 14 Crosby Drive > >> Bedford, MA 01730 > >> 781-301-7949 > >> ross.philipson@citrix.com > >> > > > > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel