Mailinglist Archive: opensuse-virtual (14 mails)

< Previous Next >
Re: [opensuse-virtual] correct IOMMU setup for AMD processor & xen pci passthrough?
  • From: PGNet Dev <pgnet.dev+osvm@xxxxxxxxx>
  • Date: Thu, 13 Aug 2009 15:24:48 -0700
  • Message-id: <94f2e81e0908131524g24ce8b2enfa07b886b88290f0@xxxxxxxxxxxxxx>
hi jason,

On Thu, Aug 13, 2009 at 1:16 PM, Jason Douglas<jdouglas@xxxxxxxxxx> wrote:
I'm pretty sure (85%) that iommu is off by default in xen 3.4, but even it
for some reason it's not, it would be a xen hypervisor option rather than a
kernel option that controls it.  In order to enable it in xen 3.3, for
example, you need to pass iommu=1 on the hypervisor line, otherwise it is off.


your comment abt hypervisor-not-kernel-line caught me off guard, as reading @,

http://www.kernel.org/doc/Documentation/x86/x86_64/boot-options.txt

those are certainly _kernel_ options.

digging, i found this,

"The Xen Hypervisor and its IO Subsystem"
www.mulix.org/lectures/xen-iommu/xen-io.pdf

& now understand that there's a _slew_ of IOMMU approaches, varying by
arch and kernel flavor.

given that i've an AMD cpu, reading @,

"IOMMU"
http://forums.amd.com/devblog/blogpost.cfm?threadid=99513&catid=317

"IOMMU for XEN"
http://forums.amd.com/devblog/blogpost.cfm?threadid=104671&catid=317

"AMD I/O Virtualization Technology (IOMMU) Specification"

http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/34434.pdf

i note, finally,

"At the moment of writing, domain level device isolation is the case
most interesting for the XEN community. As explained above, this means
IOMMU support in hypervisor only while leaving the guest kernel
untouched."

aha. iiuc, them "correct" config, in xen use, is (?),

grub hypervisor --> ... iommu=1 ...
grub kernel --> ... iommu=off ...

with that config, @ Dom0

dmesg | egrep -i "back|mmu"
Command line: root=LABEL=DOM0_ROOT resume=LABEL=DOM0_SWAP
showopts
splash=silent vga=0x31a console=tty0 console=xvc0,57600 elevator=cfq
reassigndev=0000:04:07.0 iommu=off
Kernel command line: root=LABEL=DOM0_ROOT resume=LABEL=DOM0_SWAP
showopts splash=silent vga=0x31a console=tty0 console=xvc0,57600
elevator=cfq reassigndev=0000:04:07.0 iommu=off
pciback 0000:04:07.0: seizing device
pciback 0000:04:07.0: enabling device (019d -> 019f)
pciback 0000:04:07.0: PCI INT A -> GSI 21 (level, low) -> IRQ 21
pciback 0000:04:07.0: PCI INT A disabled

and,

xm dmesg | egrep -i "back|mmu"
(XEN) Command line: dom0_mem=768M loglvl=all loglvl_guest=all
vga=gfx-1280x1024x32 console=vga,com1 com1=57600,8n1
cpufreq=xen:performance cpuidle iommu=1

also, @ DomU,

lspci
00:00.0 RAID bus controller: Silicon Image, Inc. SiI 3124 PCI-X
Serial ATA Controller (rev 02)

and no apparent errors anywhere, which is good. still the results all
look similar to the output before. and, tbh, i haven't found a stmt of
what the _default_ states are of iommu @ kernel-xen & hypervisor.
varying options can, of course, tell me that ...

that said, the goal here, of course, is full per-domain DMA
protection/isolation.

any hints as to how one *verifies* functional DMA isolation between
DomUs, given apparently working (?) iommu-in-Xen?

richard
--
To unsubscribe, e-mail: opensuse-virtual+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-virtual+help@xxxxxxxxxxxx

< Previous Next >