Responses inline...
On Apr 2, 2013, at 5:09 AM, Joanna Rutkowska
<
joa...@invisiblethingslab.com> wrote:
> On 04/02/13 04:01, Eric Shelton wrote:
>> An update on where things stand with my present configuration on the
>> MacBook Air 2012.
>>
>> Based on the information here:
>>
http://people.canonical.com/~sforshee/enablement/quantal/macbookair5.1/apic-notes.txt
>> and ACPI tables for other Ivybridge systems, it is clear that there is
>> a minor bug in the MacBook Air 2012 ACPI tables. Specifically, the
>> single DRHD for an IOAPIC in the DMAR table incorrectly identifies an
>> IOAPIC with an ID of 0, when it should be 0x02 (to correspond to the
>> IOAPIC identified in the APIC table). In other words, offset of 0x5C
>> in the DMAR table should be 0x02, not 0x00.
>>
>> The attached xen-dmar.patch is a complete hack that forces the ID to
>> 0x02, which depends on there being only one IOAPIC. However, I think
>> it is much better to get interrupt remapping and proper use of the
>> IOAPIC, rather than just disabling it as was done in August 2012. A
>> copy of the output from 'xl dmesg' is attached.
>>
>
> Have you tried to send this patch to xen-devel. I think it might be
> useful for Xen to have a collection of DMAR workarounds for various
> machines, as I expect there are lots of hardware with broken ACPI
> tables, specifically with regard to VT-d, out there?
>
I can imagine several mechanisms for working with broken ACPI tables
where a fix can be identified:
1) Recent Linux kernels have added a mechanism for loading replacement
ACPI tables via initramfs. Perhaps something like this might be done.
2) A boot command line parameter might be added such as "acpi-patch 8388205c 02"
3) In terms of user friendliness, ACPI quirks code is probably best,
to save people from having to scour the Internet to identify and
remedy system issues.
>> In my quest to get WIFI working, I build the 3.8.4 kernel for this
>> system. A copy of my .config file is attached. Note that in the 3.8
>> kernel series, ehci-hcd has split out some of the code into a new
>> ehci-pci module. If initramfs does not include this module, you will
>> not have access to the built-in keyboard and not be able to type in
>> your encryption password (although you can get around the issue by
>> plugging in an external USB keyboard). You can make sure the module
>> is included by adding the attached file ehci-missing-driver.conf to
>> /etc/dracut.conf.d/ Some other patches have to be made to the
>> Qubes-provided patches to get 3.8.4 to build, but I have not fished
>> those out.
>>
>> WIFI requires use of the brcmsmac module. Additionally, if you do not
>> use permissive mode for PCI passthrough, the system will hang when
>> netvm loads the WIFI driver (is a domU supposed to be able to cause a
>> hang, assumedly because of an improper IO access)?
>
> Well, no, it shouldn't! :) I would encourage you to report it and
> discuss at xen-devel list.
>
> Also, one should not really use the permissive mode, but ideally find
> out which specific PCIe config register the device wanted to access (and
> why?) and enable this access in the pcback quirks config file...
>
That's what I thought. I suspect there will not be any Xen developers
with this particular wifi card. If so, I'll have to identify the
quirked registers. Any idea how this is done? One possible solution
would be to run netvm in an HVM, and have qemu log out-of-bounds IO
accesses. Unfortunately, I suppose the hang suggests there is a bug
tied to this.
It would be helpful to test this out on a version of Xen more recent
than 4.1.2 (although I recognize MANY patches are applied for the
Qubes Xen) before turning to xen-devel. Is there any reason I cannot
run Qubes R2B2 with Xen 4.1.5 pre? Even better, is there a Qubes dev
code base that would allow me to use 4.2.1 or 4.3 unstable?
>> The attachment
>> qubes-permissive-netvm.service, which is to be put in
>> /etc/systemd/system (or where the links in there point to), enables
>> permissive mode for the WIFI PCI device. The attached
>> qubes_netvm.service was modified to make sure netvm is started after
>> permissive mode is set.
>>
>> Only one thing remains at this time - suspend to RAM will not wake up
>> successfully with the WIFI module loaded (suspend works fine
>> otherwise). My initial attempt with /lib/qubes/prepare-suspend has
>> not yet worked, and I have not yet dug into it. If anyone has
>> something like this working, I would love to see it.
>>
>
> So if you manually rmmod your wifi module in the netvm, then S3 works
> fine, and if you let the script do it, it wont? Sounds fishy...
>
I spent way too much time messing around with kernel & module builds
before arriving at the solution of using permissive mode, so I haven't
gotten around to this. So far I only know:
1) S3 works if the module has never been loaded
2) My initial attempt at using prepare-suspend resulted in it entering
and exiting S3, but in short order hanging in pretty much the same way
I saw before enabling permissive mode. pciback reports via sysfs it
is still in permissive mode after S3.
I suspect a well-placed sleep might resolve this, assuming the bug
discussed above is not a factor.
>> Anyways, this system is pretty awesome now. The only thing I want to
>> change, as noted before, is to have 8GB of RAM, instead of 4GB.
>>
>> Hopefully this provides ample information for anyone else giving this a go.
>>
>
> Seems like you put lots of efforts into getting Qubes working on your
> MacBook, thanks! And hope you will find the effort worthwhile.
>
> joanna.
>
I think I will. It gives me an entirely different way to look at at
handle data security. Unfortunately, 4GB is a bit tight for running
OS X in an HVM. I'd also be interested in getting a ZFS-based storage
domain up and running, as snapshotting, etc. seems superior to LVM.
However, ZFS is somewhat notorious for its memory consumption
(although it looks like it might be done with 800-1000 MB of RAM). I
also gather that the utility of a separate storage domain is reduced
on a system lacking TXT (although it still might be useful to isolate
bug-prone fs code from a domain managing encryption keys).
On the issue of memory consumption, might any substantial reduction be
made by running HVM-based domUs, and enabling memory page
deduplication? I have heard that on 64-bit systems, there is no
meaningful performance difference from PV. On the other hand, qemu
may significantly increase the attack surface.