Cui, Dexuan
2009-Aug-19 02:26 UTC
[Xen-devel] [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Imagine a PCIe switch, which doesn't support ACS (Access Control Services), has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch should directly route the transaction that is from A and to a device under B -- the Root Complex and IOMMU engine are bypassed -- this doesn't work at all in the case of hvm guest and can even incur potential security issue, so we should not allow such kind of device assignment. If all the intermediate PCIe swiches between a device and Root Complex support and enable ACS, we can safely asssign the device to guest. Allen Kay will enable ACS later. Thanks, -- Dexuan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Kay, Allen M
2009-Aug-19 19:00 UTC
[Xen-devel] RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Attached patch fixes following xend error caused by the ACS patch. Signed-off-by: Allen Kay <allen.m.kay@intel.com> ========== xend start Traceback (most recent call last): File "/usr/sbin/xend", line 36, in <module> from xen.xend.server import SrvDaemon File "usr/lib64/python2.5/site-packages/xen/xend/server/SrvDaemon.py", line 26, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/server/relocate.py", line 28, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendDomain.py", line 35, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendCheckpoint.py", line 23, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendConfig.py", line 28, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendPPCI.py", line 23, in <module> File "/usr/lib64/python2.5/site-packages/xen/util/pci.py", line 1006 PCI_EXT_CAP_ACS_ENABLED ^ SyntaxError: invalid syntax -----Original Message----- From: Cui, Dexuan Sent: Tuesday, August 18, 2009 7:27 PM To: Keir Fraser; xen-devel@lists.xensource.com Cc: Kay, Allen M Subject: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS Imagine a PCIe switch, which doesn''t support ACS (Access Control Services), has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch should directly route the transaction that is from A and to a device under B -- the Root Complex and IOMMU engine are bypassed -- this doesn''t work at all in the case of hvm guest and can even incur potential security issue, so we should not allow such kind of device assignment. If all the intermediate PCIe swiches between a device and Root Complex support and enable ACS, we can safely asssign the device to guest. Allen Kay will enable ACS later. Thanks, -- Dexuan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Cui, Dexuan
2009-Aug-20 01:31 UTC
[Xen-devel] RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS
Oh, sorry, I missed a colon... Please check in Allen''s fix for that. Thanks, -- Dexuan -----Original Message----- From: Kay, Allen M Sent: 2009?8?20? 3:01 To: Cui, Dexuan; Keir Fraser; xen-devel@lists.xensource.com Subject: RE: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS Attached patch fixes following xend error caused by the ACS patch. Signed-off-by: Allen Kay <allen.m.kay@intel.com> ========== xend start Traceback (most recent call last): File "/usr/sbin/xend", line 36, in <module> from xen.xend.server import SrvDaemon File "usr/lib64/python2.5/site-packages/xen/xend/server/SrvDaemon.py", line 26, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/server/relocate.py", line 28, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendDomain.py", line 35, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendCheckpoint.py", line 23, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendConfig.py", line 28, in <module> File "usr/lib64/python2.5/site-packages/xen/xend/XendPPCI.py", line 23, in <module> File "/usr/lib64/python2.5/site-packages/xen/util/pci.py", line 1006 PCI_EXT_CAP_ACS_ENABLED ^ SyntaxError: invalid syntax -----Original Message----- From: Cui, Dexuan Sent: Tuesday, August 18, 2009 7:27 PM To: Keir Fraser; xen-devel@lists.xensource.com Cc: Kay, Allen M Subject: [PATCH] xend: passthrough: check if a device is behind PCIe switch that lacks ACS Imagine a PCIe switch, which doesn''t support ACS (Access Control Services), has 2 downstream ports: A and B, according to PCIe spec, the PCIe switch should directly route the transaction that is from A and to a device under B -- the Root Complex and IOMMU engine are bypassed -- this doesn''t work at all in the case of hvm guest and can even incur potential security issue, so we should not allow such kind of device assignment. If all the intermediate PCIe swiches between a device and Root Complex support and enable ACS, we can safely asssign the device to guest. Allen Kay will enable ACS later. Thanks, -- Dexuan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel