I will put together something like this then and resubmit. I would like Joe
Cihula at Intel to comment and make sure I am not missing something that will
impact tboot security.
From: Keir Fraser
Sent: Thursday, February 26, 2009 11:12 AM
To: Ross Philipson; Cui, Dexuan; xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu
Yes, blacklist rather than whitelist, below 4G. Sounds good.
On 26/02/2009 15:38, "Ross Philipson" <Ross.Philipson@xxxxxxxxxx> wrote:
> There are some regions that I think would really need to be excluded that are
> related to TXT and tboot too though. The current tboot code puts these in the
> e820 as unusable as opposed to reserved. What if we mapped in all 4GB with the
> exception of unusable ranges and where xen is?
> -----Original Message-----
> From: Keir Fraser
> Sent: Thursday, February 26, 2009 10:30 AM
> To: Cui, Dexuan; Ross Philipson; xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [PATCH] Included reserved memory regions in dom0
> iommu mappings
> I'm not keen on Ross's patch anyway. I think if you have such a broken
> system, the cmdline option should simply identity-map everything below 4GB,
> unconditionally. Easy.
> -- Keir
> On 26/02/2009 09:20, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx> wrote:
>> The patch is useful when BIOS doesn’t report RMRR correctly; however, the
>> patch may not help in some situations.
>> E.g., to work around a buggy BIOS, we may have to map such an E820 entry
>> (XEN) 00000000cff0b000 - 00000000d0000000 (reserved).
>> But if we use a xen parameter "mem=512m", or, if the host only has 512m
>> memory, the variable 'max_page' is 512m/PAGE_SIZE, so even with the patch,
>> the E820 entry would not be mapped, and Xen would still hang.
>> -- Dexuan
>> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ross Philipson
>> Sent: February 24, 2009 4:01
>> To: xen-devel@xxxxxxxxxxxxxxxxxxx
>> Subject: [Xen-devel] [PATCH] Included reserved memory regions in dom0 iommu
>> This adds a boolean boot parameter to xen to allow reserved memory
>> regions to be added to the iommu mappings for dom0. The parameter
>> is "iommu_include_reserved" and is off by default. A warning is
>> also traced when incorrect RMRR to system memory map values are
>> detected. This is being added to address some incorrect BIOSes that
>> do not report correctly the required reserved memory ranges in
>> the RMRRs. When this occurs it currently can cause early boot hangs
>> and crashes.
>> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx>
>> Based on changeset 19238
>> Ross Philipson
>> Senior Software Engineer
>> Citrix Systems, Inc
>> 14 Crosby Drive
>> Bedford, MA 01730
Xen-devel mailing list
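
The blacklist policy agreed on in this thread (identity-map everything below 4G except e820 unusable ranges and Xen's own memory), as an added sketch that is not code from the thread or from Xen. All function names, the sample map and the Xen range are constructed for illustration; only the reserved entry is the one quoted by Dexuan, and `max_page_bounded_maps` is a simplified model of the max_page limitation he describes.

```c
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT 12
#define PFN_4G     (1ULL << (32 - PAGE_SHIFT))
enum { E820_RAM = 1, E820_RESERVED = 2, E820_UNUSABLE = 5 };

struct range { uint64_t start, end; int type; };  /* [start, end) in bytes */

/* Constructed sample map; only the reserved entry comes from the thread. */
const struct range sample_e820[] = {
    { 0x00000000ULL, 0x0009f000ULL, E820_RAM },
    { 0x00100000ULL, 0x20000000ULL, E820_RAM },      /* RAM up to 512 MB */
    { 0x20000000ULL, 0x20200000ULL, E820_UNUSABLE }, /* stand-in for a tboot/TXT range */
    { 0xcff0b000ULL, 0xd0000000ULL, E820_RESERVED }, /* entry quoted by Dexuan */
};
#define SAMPLE_N (sizeof(sample_e820) / sizeof(sample_e820[0]))
const struct range sample_xen = { 0x00200000ULL, 0x00600000ULL, 0 }; /* constructed */

/* 1 if the 4 KB page at pfn overlaps the byte range r. */
static int page_in(const struct range *r, uint64_t pfn)
{
    uint64_t addr = pfn << PAGE_SHIFT;
    return addr < r->end && addr + (1ULL << PAGE_SHIFT) > r->start;
}

/* Blacklist: identity-map every page below 4G except unusable ranges and Xen. */
int blacklist_maps(const struct range *e820, size_t n,
                   const struct range *xen, uint64_t pfn)
{
    if (pfn >= PFN_4G || page_in(xen, pfn))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (e820[i].type == E820_UNUSABLE && page_in(&e820[i], pfn))
            return 0;
    return 1;
}

/* Simplified model of a walk bounded by max_page: higher pages are never reached. */
int max_page_bounded_maps(uint64_t max_page, uint64_t pfn)
{
    return pfn < max_page;
}

/* Number of 4 KB pages the blacklist policy maps below 4G. */
uint64_t blacklist_count(const struct range *e820, size_t n, const struct range *xen)
{
    uint64_t count = 0;
    for (uint64_t pfn = 0; pfn < PFN_4G; pfn++)
        count += blacklist_maps(e820, n, xen, pfn);
    return count;
}
```

With max_page at 512m/PAGE_SIZE (0x20000), the reserved entry at 0xcff0b000 is out of reach of the bounded walk but is covered by the blacklist policy, while the unusable range and Xen's pages stay unmapped.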