From 67ed6e17181ae84c9ca957f3c4131962e67329e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Sat, 16 Jan 2021 05:40:04 +0100
Subject: [PATCH] Add a patch for conditional IOMMU-less passthrough on PV domain
Look for qubes.enable_insecure_pv_passthrough on dom0 kernel cmdline. If it's present, allow creating PV domain with PCI devices even if IOMMU is not present/enabled.
QubesOS/qubes-issues#5529
---
 ...lly-allow-PCI-passthrough-on-PV-with.patch | 75 +++++++++++++++++++
 xen.spec.in | 1 +
 2 files changed, 76 insertions(+)
 create mode 100644 patch-0001-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
diff --git a/patch-0001-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch b/patch-0001-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
new file mode 100644
index 00000000..5fecfc3c
--- /dev/null
+++ b/patch-0001-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
@@ -0,0 +1,75 @@
+From 79f74162a10e3a82c54941315440c1d51f3c30c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
+
+Date: Sat, 16 Jan 2021 05:06:18 +0100
+Subject: [PATCH] libxl: conditionally allow PCI passthrough on PV without
+ IOMMU
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Organization: Invisible Things Lab
+Cc: Marek Marczykowski-Górecki
+
+Without IOMMU, PCI passthrough cannot be used securely. But there are
+still various Qubes OS features that would be useful and improve overall
+system trustworthiness compared to monolithic system.
+This is also handy for development, to allow running Qubes OS nested
+withing KVM (on AMD, vIOMMU is unstable).
+
+Signed-off-by: Marek Marczykowski-Górecki
+---
+ tools/libxl/libxl_create.c | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
+index 86f4a8369d35..340bb680fbe9 100644
+--- a/tools/libxl/libxl_create.c
++++ b/tools/libxl/libxl_create.c
+@@ -1006,6 +1006,34 @@ static bool ok_to_default_memkb_in_create(libxl__gc *gc)
+ */
+ }
+
++static bool is_insecure_pv_passthrough_enabled()
++{
++ FILE *f = fopen("/proc/cmdline", "r");
++ char cmdline[4096], *tok;
++ size_t read_s;
++ bool ret = false;
++
++ if (!f) {
++ LOG(WARN, "Failed to open /proc/cmdline: %d", errno);
++ return false;
++ }
++ ret = fread(cmdline, 1, sizeof(cmdline) - 1, f);
++ if (!feof(f) || ferror(f)) {
++ LOG(WARN, "Failed to read /proc/cmdline: %d", errno);
++ fclose(f);
++ return false;
++ }
++ cmdline[ret] = 0;
++ fclose(f);
++
++ tok = strtok(cmdline, " ");
++ while (tok) {
++ if (strcmp(tok, "qubes.enable_insecure_pv_passthrough") == 0)
++ retrun true;
++ tok = strtok(NULL, " ");
++ }
++}
++
+ static unsigned long libxl__get_required_iommu_memory(unsigned long maxmem_kb)
+ {
+ unsigned long iommu_pages = 0, mem_pages = maxmem_kb / 4;
+@@ -1107,7 +1135,8 @@ int
libxl__domain_config_setdefault(libxl__gc *gc,
+ }
+
+ bool iommu_enabled = physinfo.cap_hvm_directio;
+- if (c_info->passthrough != LIBXL_PASSTHROUGH_DISABLED && !iommu_enabled) {
++ if (c_info->passthrough != LIBXL_PASSTHROUGH_DISABLED && !iommu_enabled &&
++ (c_info.type != LIBXL_DOMAIN_TYPE_PV || !is_insecure_pv_passthrough_enabled())) {
+ LOGD(ERROR, domid,
+ "passthrough not supported on this platform\n");
+ ret = ERROR_INVAL;
+--
+2.25.4
+
diff --git a/xen.spec.in b/xen.spec.in
index e7fd9bd2..50d83a92 100644
--- a/xen.spec.in
+++ b/xen.spec.in
@@ -158,6 +158,7 @@ Patch1017: patch-libxl-disable-vkb-by-default.patch
 Patch1020: patch-stubdom-linux-config-qubes-gui.patch
 Patch1021: patch-stubdom-linux-libxl-do-not-force-qdisk-backend-for-cdrom.patch
 Patch1022: patch-xen-acpi-slic-support.patch
+Patch1023: patch-0001-libxl-conditionally-allow-PCI-passthrough-on-PV-with.patch
 Patch1030: patch-fix-igd-passthrough-with-linux-stubdomain.patch
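Review bot: The new is_insecure_pv_passthrough_enabled() in the embedded libxl patch does not compile, and once the typos are fixed it still can never return true: `retrun true;` and `c_info.type` (c_info is a pointer, cf. `c_info->passthrough` on the same line) are syntax errors, `ret` is declared `bool` so `ret = fread(...)` collapses the byte count to 0 or 1 and `cmdline[ret] = 0` truncates the buffer before the token scan (the unused `size_t read_s` was presumably meant for this), control falls off the end of a non-void function after the while loop, and /proc/cmdline is newline-terminated so a trailing parameter tokenizes as `qubes.enable_insecure_pv_passthrough\n` and fails strcmp. As I read libxl_internal.h, LOG() reaches `gc` through CTX, so the helper also needs a `libxl__gc *gc` parameter and the call site should pass `gc`. Because this knob deliberately switches off the IOMMU check, the bypass should be visible in the domain's log when it takes effect — e.g. a `LOGD(WARN, domid, "no IOMMU: allowing insecure PCI passthrough to PV domain (qubes.enable_insecure_pv_passthrough)");` on the path that now proceeds — rather than being silent. The second hunk of the embedded patch needs only the `->` and `gc` fixes; the xen.spec.in hunk is fine.
```c
static bool is_insecure_pv_passthrough_enabled(libxl__gc *gc)
{
    FILE *f = fopen("/proc/cmdline", "r");
    char cmdline[4096], *tok;
    size_t read_s;

    if (!f) {
        LOG(WARN, "Failed to open /proc/cmdline: %d", errno);
        return false;
    }
    read_s = fread(cmdline, 1, sizeof(cmdline) - 1, f);
    if (!feof(f) || ferror(f)) {
        LOG(WARN, "Failed to read /proc/cmdline: %d", errno);
        fclose(f);
        return false;
    }
    cmdline[read_s] = 0;
    fclose(f);

    /* /proc/cmdline ends with '\n'; treat it as a separator like ' '. */
    for (tok = strtok(cmdline, " \n"); tok; tok = strtok(NULL, " \n")) {
        if (strcmp(tok, "qubes.enable_insecure_pv_passthrough") == 0)
            return true;
    }
    return false;
}

/* … unchanged: libxl__get_required_iommu_memory and the rest of libxl__domain_config_setdefault up to the IOMMU check … */
    if (c_info->passthrough != LIBXL_PASSTHROUGH_DISABLED && !iommu_enabled &&
        (c_info->type != LIBXL_DOMAIN_TYPE_PV ||
         !is_insecure_pv_passthrough_enabled(gc))) {
```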