Cui, Dexuan
2009-Aug-19 02:26 UTC
[Xen-devel] [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Imagine a PCIe switch, which doesn't support ACS (Access Control Services), has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch should directly route the transaction that is from A and to a device under B -- the Root Complex and IOMMU engine are bypassed -- this doesn't work at all in the case of hvm guest and can even incur potential security issue, so we should not allow such kind of device assignment. If all the intermediate PCIe swiches between a device and Root Complex support and enable ACS, we can safely asssign the device to guest. Allen Kay will enable ACS later. Thanks, -- Dexuan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Kay, Allen M
2009-Aug-19 19:00 UTC
[Xen-devel] RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Attached patch fixes following xend error caused by the ACS patch.
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
==========
xend start
Traceback (most recent call last):
File "/usr/sbin/xend", line 36, in <module>
from xen.xend.server import SrvDaemon
File
"usr/lib64/python2.5/site-packages/xen/xend/server/SrvDaemon.py", line
26, in <module>
File
"usr/lib64/python2.5/site-packages/xen/xend/server/relocate.py", line
28, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendDomain.py",
line 35, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendCheckpoint.py",
line 23, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendConfig.py",
line 28, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendPPCI.py", line
23, in <module>
File "/usr/lib64/python2.5/site-packages/xen/util/pci.py", line 1006
PCI_EXT_CAP_ACS_ENABLED
^
SyntaxError: invalid syntax
-----Original Message-----
From: Cui, Dexuan
Sent: Tuesday, August 18, 2009 7:27 PM
To: Keir Fraser; xen-devel@lists.xensource.com
Cc: Kay, Allen M
Subject: [PATCH] xend: passthrough: check if a device is behind PCIe switch that
lacks ACS
Imagine a PCIe switch, which doesn''t support ACS (Access Control
Services),
has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch
should directly route the transaction that is from A and to a device under
B -- the Root Complex and IOMMU engine are bypassed -- this doesn''t
work at
all in the case of hvm guest and can even incur potential security issue, so
we should not allow such kind of device assignment.
If all the intermediate PCIe swiches between a device and Root Complex support
and enable ACS, we can safely asssign the device to guest.
Allen Kay will enable ACS later.
Thanks,
-- Dexuan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Cui, Dexuan
2009-Aug-20 01:31 UTC
[Xen-devel] RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Oh, sorry, I missed a colon...
Please check in Allen''s fix for that.
Thanks,
-- Dexuan
-----Original Message-----
From: Kay, Allen M
Sent: 2009?8?20? 3:01
To: Cui, Dexuan; Keir Fraser; xen-devel@lists.xensource.com
Subject: RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch
that lacks ACS
Attached patch fixes following xend error caused by the ACS patch.
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
==========
xend start
Traceback (most recent call last):
File "/usr/sbin/xend", line 36, in <module>
from xen.xend.server import SrvDaemon
File
"usr/lib64/python2.5/site-packages/xen/xend/server/SrvDaemon.py", line
26, in <module>
File
"usr/lib64/python2.5/site-packages/xen/xend/server/relocate.py", line
28, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendDomain.py",
line 35, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendCheckpoint.py",
line 23, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendConfig.py",
line 28, in <module>
File "usr/lib64/python2.5/site-packages/xen/xend/XendPPCI.py", line
23, in <module>
File "/usr/lib64/python2.5/site-packages/xen/util/pci.py", line 1006
PCI_EXT_CAP_ACS_ENABLED
^
SyntaxError: invalid syntax
-----Original Message-----
From: Cui, Dexuan
Sent: Tuesday, August 18, 2009 7:27 PM
To: Keir Fraser; xen-devel@lists.xensource.com
Cc: Kay, Allen M
Subject: [PATCH] xend: passthrough: check if a device is behind PCIe switch that
lacks ACS
Imagine a PCIe switch, which doesn''t support ACS (Access Control
Services),
has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch
should directly route the transaction that is from A and to a device under
B -- the Root Complex and IOMMU engine are bypassed -- this doesn''t
work at
all in the case of hvm guest and can even incur potential security issue, so
we should not allow such kind of device assignment.
If all the intermediate PCIe swiches between a device and Root Complex support
and enable ACS, we can safely asssign the device to guest.
Allen Kay will enable ACS later.
Thanks,
-- Dexuan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel