| Message ID | 20220217140923.22485-1-roger.pau@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v3] tools/libxl: don't allow IOMMU usage with PoD | expand |
On 17.02.2022 15:09, Roger Pau Monne wrote: > Prevent libxl from creating guests that attempts to use PoD together > with an IOMMU, even if no devices are actually assigned. > > While the hypervisor could support using PoD together with an IOMMU as > long as no devices are assigned, such usage seems doubtful. There's no > guarantee the guest has PoD no longer be active, and thus a later > assignment of a PCI device to such domain could fail. > > Preventing the usage of PoD together with an IOMMU at guest creation > avoids having to add checks for active PoD entries in the device > assignment paths. > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> I'm inclined to queue this for the stable trees. Thoughts? Jan
On Fri, Feb 18, 2022 at 09:06:35AM +0100, Jan Beulich wrote: > On 17.02.2022 15:09, Roger Pau Monne wrote: > > Prevent libxl from creating guests that attempts to use PoD together > > with an IOMMU, even if no devices are actually assigned. > > > > While the hypervisor could support using PoD together with an IOMMU as > > long as no devices are assigned, such usage seems doubtful. There's no > > guarantee the guest has PoD no longer be active, and thus a later > > assignment of a PCI device to such domain could fail. > > > > Preventing the usage of PoD together with an IOMMU at guest creation > > avoids having to add checks for active PoD entries in the device > > assignment paths. > > > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > > Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> > > I'm inclined to queue this for the stable trees. Thoughts? Yes, I think that sound good. Thanks,
diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c index d7a40d7550..15ed021f41 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c @@ -1160,17 +1160,17 @@ int libxl__domain_config_setdefault(libxl__gc *gc, pod_enabled = (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV) && (d_config->b_info.target_memkb < d_config->b_info.max_memkb); - /* We cannot have PoD and PCI device assignment at the same time - * for HVM guest. It was reported that IOMMU cannot work with PoD - * enabled because it needs to populated entire page table for - * guest. To stay on the safe side, we disable PCI device - * assignment when PoD is enabled. + /* We don't support having PoD and an IOMMU at the same time for HVM + * guests. An active IOMMU cannot work with PoD because it needs a fully + * populated page-table. Prevent PoD usage if the domain has an IOMMU + * assigned, even if not active. */ if (d_config->c_info.type != LIBXL_DOMAIN_TYPE_PV && - d_config->num_pcidevs && pod_enabled) { + d_config->c_info.passthrough != LIBXL_PASSTHROUGH_DISABLED && + pod_enabled) { ret = ERROR_INVAL; LOGD(ERROR, domid, - "PCI device assignment for HVM guest failed due to PoD enabled"); + "IOMMU required for device passthrough but not supported together with PoD"); goto error_out; }