[Pkg-xen-devel] Bug#988333: Bug#988333: libxenmisc4.16: libxl fails to grant necessary I/O memory access for gfx_passthru of Intel IGD

Chuck Zmudzinski brchuckz at netscape.net
Mon Mar 7 16:14:30 GMT 2022 

On 3/7/22 10:39 AM, Marek Marczykowski-Górecki wrote:
> On Mon, Mar 07, 2022 at 10:11:29AM -0500, Chuck Zmudzinski wrote:
>> Detailed description of how I discovered the patch that fixes the bug and
>> enables Intel IGD passthrough to Bullseye when using the traditional Qemu
>> device model:
>>
>> A long time ago, during the development of Xen 4.5 in 2014, two patches
>> implemented a change to the way permission is granted for an unprivileged
>> domain to access PCI/VGA-related I/O memory. Prior to this, AFAICT,
>> permission was implicitly granted to access the memory the domain requested
>> when a PCI device being passed to the domain was being configured. After the
>> change, permission to access such memory is not granted without prior
>> explicit permission being configured, and this is still the current
>> behavior.
>>
>> The relevant patches are:
>>
>> 1. https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=abfb006f1ff4af1424e5b0d0589f0226377fda36
>>
>> and
>>
>> 2. https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=0561e1f01e87b777bcc47971e4ae1f420314f4a0
>>
>> The first of these patches intended to implement explicit granting of
>> permission to access the I/O memory that is needed to support the
>> gfx_passthru feature in libxl_pci.c, in the
>> libxl__grant_vga_iomem_permission function. The second patch implements the
>> removal of implicit permission to access the PCI/VGA-related I/O memory and
>> causes requests to access such memory by a domain to be denied unless prior
>> explicit permission has been configured.
>>
>> Specifically, the first patch adds 32 (0x20) units (I presume bytes) of data
> That's in pages.
>
>> starting at memory address 0xa0000 >> XC_PAGE_SHIFT to the memory the domain
>> is permitted to access. XC_PAGE_SHIFT is 12, so this memory range shows up
>> in the logs when running Xen 4.5 as:
>>
>> memory_map:add: dom1 gfn=a0 mfn=a0 nr=20
>>
>> But my testing of these old patches with added custom logging shows that
>> another two units (bytes?) are needed:
>>
>> memory_map:access not permitted: dom1 gfn=fdffc mfn=cc490 nr=2
> You may be interested in this patch:
> https://github.com/QubesOS/qubes-vmm-xen/blob/xen-4.14/patch-fix-igd-passthrough-with-linux-stubdomain.patch
>
> Qubes OS uses qemu-upstream in a Linux-based stubdomain, and with the
> above patch applied, IGD passthrough works, at least to a Linux HVM.
>

Thanks, Marek, I think that means the Qubes OS patch should be able to 
be adapted to work with Debian's Qemu upstream package as the device 
model running as the privileged user in dom0. I will try it next weekend 
when I have some time. Thanks for the tip.

Regards,

Chuck

More information about the Pkg-xen-devel mailing list