Re: [PATCH 2/3] VT-d: suppress UR signaling for desktop chipsets

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>,
	Asit K Mallick <asit.k.mallick@intel.com>,
	Donald D Dugger <donald.d.dugger@intel.com>,
	Jun Nakajima <jun.nakajima@intel.com>,
	xen-devel <xen-devel@lists.xenproject.org>,
	xiantao.zhang@intel.com
Subject: Re: [PATCH 2/3] VT-d: suppress UR signaling for desktop chipsets
Date: Mon, 7 Apr 2014 13:21:16 +0100	[thread overview]
Message-ID: <5342983C.6050102@citrix.com> (raw)
In-Reply-To: <533D48AA0200007800005124@nat28.tlf.novell.com>


[-- Attachment #1.1: Type: text/plain, Size: 2356 bytes --]

On 03/04/14 10:40, Jan Beulich wrote:
> Unsupported Requests can be signaled for malformed writes to the MSI
> address region, e.g. due to buggy or malicious DMA set up to that
> region. These should normally result in IOMMU faults, but don't on
> the desktop chipsets dealt with here.
>
> This is CVE-2013-3495 / XSA-59.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

>
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -392,6 +392,8 @@ void __init pci_vtd_quirk(struct pci_dev
>      int func = PCI_FUNC(pdev->devfn);
>      int pos;
>      u32 val;
> +    u64 bar;
> +    paddr_t pa;
>  
>      if ( pci_conf_read16(seg, bus, dev, func, PCI_VENDOR_ID) != 0x8086 )
>          return;
> @@ -452,5 +454,33 @@ void __init pci_vtd_quirk(struct pci_dev
>          printk(XENLOG_INFO "Masked UR signaling on %04x:%02x:%02x.%u\n",
>                 seg, bus, dev, func);
>          break;
> +
> +    case 0x100: case 0x104: case 0x108: /* Sandybridge */
> +    case 0x150: case 0x154: case 0x158: /* Ivybridge */
> +    case 0xa04: /* Haswell ULT */
> +    case 0xc00: case 0xc04: case 0xc08: /* Haswell */
> +        bar = pci_conf_read32(seg, bus, dev, func, 0x6c);
> +        bar = (bar << 32) | pci_conf_read32(seg, bus, dev, func, 0x68);
> +        pa = bar & 0x7fffff000; /* bits 12...38 */
> +        if ( (bar & 1) && pa &&
> +             page_is_ram_type(paddr_to_pfn(pa), RAM_TYPE_RESERVED) )
> +        {
> +            u32 __iomem *va = ioremap(pa, PAGE_SIZE);
> +
> +            if ( va )
> +            {
> +                __set_bit(0x1c8 * 8 + 20, va);
> +                iounmap(va);
> +                printk(XENLOG_INFO "Masked UR signaling on %04x:%02x:%02x.%u\n",
> +                       seg, bus, dev, func);
> +            }
> +            else
> +                printk(XENLOG_ERR "Could not map %"PRIpaddr" for %04x:%02x:%02x.%u\n",
> +                       pa, seg, bus, dev, func);
> +        }
> +        else
> +            printk(XENLOG_WARNING "Bogus DMIBAR %#"PRIx64" on %04x:%02x:%02x.%u\n",
> +                   bar, seg, bus, dev, func);
> +        break;
>      }
>  }
>
>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel


[-- Attachment #1.2: Type: text/html, Size: 3206 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2014-04-07 12:21 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-03  9:33 [PATCH 0/3] fixes (read: workarounds) for XSA-59 Jan Beulich
2014-04-03  9:39 ` [PATCH 1/3] VT-d: suppress UR signaling for server chipsets Jan Beulich
2014-04-07 12:12   ` Andrew Cooper
2014-04-07 13:11     ` Jan Beulich
2014-04-03  9:40 ` [PATCH 2/3] VT-d: suppress UR signaling for desktop chipsets Jan Beulich
2014-04-07 12:21   ` Andrew Cooper [this message]
2014-04-03  9:41 ` [PATCH 3/3] passthrough: allow to suppress SERR and PERR signaling altogether Jan Beulich
2014-04-07 10:05   ` Andrew Cooper
2014-04-07 10:21     ` Jan Beulich
2014-04-07 12:47   ` Andrew Cooper
2014-04-07 13:05     ` Jan Beulich
2014-04-07 13:17       ` Andrew Cooper
2014-04-07 13:43         ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5342983C.6050102@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=JBeulich@suse.com \
    --cc=asit.k.mallick@intel.com \
    --cc=donald.d.dugger@intel.com \
    --cc=jun.nakajima@intel.com \
    --cc=keir@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    --cc=xiantao.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.