On Thu, 2014-04-24 at 18:36 -0600, Bill Sumner wrote: > > This patch set modifies the behavior of the Intel iommu in the crashdump kernel: > 1. to accept the iommu hardware in an active state, > 2. to leave the current translations in-place so that legacy DMA will continue > using its current buffers until the device drivers in the crashdump kernel > initialize and initialize their devices, > 3. to use different portions of the iova address ranges for the device drivers > in the crashdump kernel than the iova ranges that were in-use at the time > of the panic. There could be all kinds of existing mappings in the DMA page tables, and I'm not sure it's safe to preserve them. What prevents the crashdump kernel from trying to use any of the physical pages which are accessible, and which could thus be corrupted by stray DMA? In fact, the old kernel could even have set up 1:1 passthrough mappings for some devices, which would then be able to DMA *anywhere*. Surely we need to prevent that? After the last round of this patchset, we discussed a potential improvement where you point every virtual bus address at the *same* physical scratch page. That way, we allow the "rogue" DMA to continue to the same virtual bus addresses, but it can only ever affect one piece of physical memory and can't have detrimental effects elsewhere. Was that option considered and discounted for some reason? It seems like it would make sense... -- David Woodhouse Open Source Technology Centre David.Woodhouse@xxxxxxxxx Intel Corporation
Attachment:
smime.p7s
Description: S/MIME cryptographic signature