[Xen-devel] [PATCH 4.0-testing 10/10] AMD, IOMMU: Make per-device interrupt remapping table default
From: Boris Ostrovsky <boris.ostrovsky@xxxxxxx>
Using a global interrupt remapping table may be insecure, as
described by XSA-36. This patch makes per-device mode the default.
This is XSA-36 / CVE-2013-0153.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxx>
Moved warning in amd_iov_detect() to location covering all cases.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
xen-unstable changeset: 26519:1af531e7bc2f
xen-unstable date: Tue Feb 5 14:22:11 UTC 2013
---
xen/drivers/passthrough/amd/iommu_acpi.c | 5 +++--
xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 ++
xen/drivers/passthrough/iommu.c | 4 +++-
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c
b/xen/drivers/passthrough/amd/iommu_acpi.c
index 0d6d2a6..bf4a691 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -20,7 +20,6 @@
#include <xen/config.h>
#include <xen/errno.h>
-#include <asm/apicdef.h>
#include <asm/io_apic.h>
#include <asm/amd-iommu.h>
#include <asm/hvm/svm/amd-iommu-proto.h>
@@ -690,7 +689,7 @@ static u16 __init parse_ivhd_device_special(
/* set device id of ioapic */
ioapic_bdf[ivhd_device->special.handle].bdf = bdf;
- ioapic_bdf[ivhd_device->special.handle].pin_setup = xzalloc_array(
+ ioapic_bdf[ivhd_device->special.handle].pin_setup = xmalloc_array(
unsigned long, BITS_TO_LONGS(nr_ioapic_registers[apic]));
if ( nr_ioapic_registers[apic] &&
!ioapic_bdf[IO_APIC_ID(apic)].pin_setup )
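Review bot: The out-of-memory check on the context line tests `ioapic_bdf[IO_APIC_ID(apic)].pin_setup`, while the allocation just above it is stored in `ioapic_bdf[ivhd_device->special.handle].pin_setup`. If those two indices can differ, a failed `xmalloc_array()` goes unnoticed and the `memset()` added in the next hunk writes through a NULL pointer, where previously nothing dereferenced the pointer here. The check should name the slot that was assigned: `!ioapic_bdf[ivhd_device->special.handle].pin_setup )`. The handle presumably comes from the firmware's IVHD entry, so it is also worth confirming, outside this hunk, that it is bounds-checked against the size of `ioapic_bdf[]`. parse_ivhd_device_special() starts before the hunk.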
@@ -698,6 +697,8 @@ static u16 __init parse_ivhd_device_special(
printk(XENLOG_ERR "IVHD Error: Out of memory\n");
return 0;
}
+ memset(ioapic_bdf[ivhd_device->special.handle].pin_setup, 0,
+ sizeof(unsigned long) *
BITS_TO_LONGS(nr_ioapic_registers[apic]));
}
return dev_length;
}
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c
b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index fb29e20..597a06a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -173,6 +173,8 @@ int amd_iov_detect(void)
printk("Error initialization\n");
return -ENODEV;
}
+ if ( !amd_iommu_perdev_intremap )
+ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is
not recommended (see XSA-36)!\n");
return 0;
}
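Review bot: The new warning keys only on `amd_iommu_perdev_intremap`, so it will presumably also print when interrupt remapping is switched off altogether (`iommu_intremap` is a separate flag in iommu.c), where no global table is in use and the message misleads. Consider `if ( iommu_intremap && !amd_iommu_perdev_intremap )`, and consider giving the remapping-disabled case its own log line, since this boot message is what lets an operator spot a host left in the configuration XSA-36 warns about. The printk format string is split across two lines in this archived mail and has to be rejoined before the patch applies. amd_iov_detect() starts before the hunk.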
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 0dad6ef..5b3c66b 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -48,7 +48,7 @@ bool_t __read_mostly iommu_snoop = 1;
bool_t __read_mostly iommu_qinval = 1;
bool_t __read_mostly iommu_intremap = 1;
bool_t __read_mostly amd_iommu_debug;
-bool_t __read_mostly amd_iommu_perdev_intremap;
+bool_t __read_mostly amd_iommu_perdev_intremap = 1;
static void __init parse_iommu_param(char *s)
{
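Review bot: The flipped default on `amd_iommu_perdev_intremap` carries no comment, although the reason for it is security-relevant and not obvious from the declaration. A one-line comment there would keep a later cleanup from reverting it, for example `/* Per-device remapping tables by default; a shared table is insecure, see XSA-36. */`.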
@@ -78,6 +78,8 @@ static void __init parse_iommu_param(char *s)
amd_iommu_debug = 1;
else if ( !strcmp(s, "amd-iommu-perdev-intremap") )
amd_iommu_perdev_intremap = 1;
+ else if ( !strcmp(s, "amd-iommu-global-intremap") )
+ amd_iommu_perdev_intremap = 0;
else if ( !strcmp(s, "dom0-passthrough") )
iommu_passthrough = 1;
else if ( !strcmp(s, "dom0-strict") )
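Review bot: The new `amd-iommu-global-intremap` branch is an opt-out from a security fix, but nothing at the branch says so. I would add `/* Opt-out: selects the shared table that XSA-36 describes as insecure. */` above it. With the default now 1, the existing `amd-iommu-perdev-intremap` branch only has an effect after an earlier global token, which deserves `/* Default since XSA-36; still accepted for compatibility. */`. If this tree documents the `iommu=` option list anywhere, the new token should be added there as well. parse_iommu_param() continues past the hunk.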
--
1.7.2.5