From: Ian Campbell <ian.campbell@citrix.com>
To: xen-devel@lists.xen.org
Cc: Boris Ostrovsky <boris.ostrovsky@amd.com>,
Jan Beulich <jbeulich@suse.com>
Subject: [PATCH 4.0-testing 10/10] AMD, IOMMU: Make per-device interrupt remapping table default
Date: Mon, 11 Feb 2013 13:12:53 +0000
Message-ID: <1360588373-779-10-git-send-email-ian.campbell@citrix.com>
In-Reply-To: <1360588355.20449.34.camel@zakaz.uk.xensource.com>
From: Boris Ostrovsky <boris.ostrovsky@amd.com>
Using global interrupt remapping table may be insecure, as
described by XSA-36. This patch makes per-device mode default.
This is XSA-36 / CVE-2013-0153.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Moved warning in amd_iov_detect() to location covering all cases.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
xen-unstable changeset: 26519:1af531e7bc2f
xen-unstable date: Tue Feb 5 14:22:11 UTC 2013
---
xen/drivers/passthrough/amd/iommu_acpi.c | 5 +++--
xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 ++
xen/drivers/passthrough/iommu.c | 4 +++-
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/xen/drivers/passthrough/amd/iommu_acpi.c b/xen/drivers/passthrough/amd/iommu_acpi.c
index 0d6d2a6..bf4a691 100644
--- a/xen/drivers/passthrough/amd/iommu_acpi.c
+++ b/xen/drivers/passthrough/amd/iommu_acpi.c
@@ -20,7 +20,6 @@
#include <xen/config.h>
#include <xen/errno.h>
-#include <asm/apicdef.h>
#include <asm/io_apic.h>
#include <asm/amd-iommu.h>
#include <asm/hvm/svm/amd-iommu-proto.h>
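Review bot: Dropping `#include <asm/apicdef.h>` at the top of iommu_acpi.c is not explained in the commit message, and the file still uses IO_APIC_ID(apic) in parse_ivhd_device_special(). Please say in the message why the include goes away in this backport and confirm the macro is still reachable through <asm/io_apic.h>.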
@@ -690,7 +689,7 @@ static u16 __init parse_ivhd_device_special(
/* set device id of ioapic */
ioapic_bdf[ivhd_device->special.handle].bdf = bdf;
- ioapic_bdf[ivhd_device->special.handle].pin_setup = xzalloc_array(
+ ioapic_bdf[ivhd_device->special.handle].pin_setup = xmalloc_array(
unsigned long, BITS_TO_LONGS(nr_ioapic_registers[apic]));
if ( nr_ioapic_registers[apic] &&
!ioapic_bdf[IO_APIC_ID(apic)].pin_setup )
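Review bot: In parse_ivhd_device_special() the allocation is stored under ioapic_bdf[ivhd_device->special.handle], but the out-of-memory check that follows reads ioapic_bdf[IO_APIC_ID(apic)].pin_setup. Unless surrounding code not shown in this hunk guarantees the two indices are equal, a failed allocation can go undetected, so use the same index expression in both places. The switch from xzalloc_array to xmalloc_array also leaves the bitmap uninitialised until the memset added in the next hunk, and the commit message should say why the zeroing allocator is not used in this tree.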
@@ -698,6 +697,8 @@ static u16 __init parse_ivhd_device_special(
printk(XENLOG_ERR "IVHD Error: Out of memory\n");
return 0;
}
+ memset(ioapic_bdf[ivhd_device->special.handle].pin_setup, 0,
+ sizeof(unsigned long) * BITS_TO_LONGS(nr_ioapic_registers[apic]));
}
return dev_length;
}
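Review bot: The added memset is reached whenever the error branch is not taken, and that branch is skipped when nr_ioapic_registers[apic] is zero, so pin_setup may be NULL here with a zero length. Passing NULL to memset is best avoided even for zero bytes. Guard the call on the pointer or on the register count, and index it the same way as the NULL check above so that the pointer that was tested is the one being cleared.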
diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index fb29e20..597a06a 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -173,6 +173,8 @@ int amd_iov_detect(void)
printk("Error initialization\n");
return -ENODEV;
}
+ if ( !amd_iommu_perdev_intremap )
+ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n");
return 0;
}
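Review bot: The new printk in amd_iov_detect() runs well past 80 columns, and its text does not say which setting selected the global table. Split the string across lines and name the amd-iommu-global-intremap option in the message, so that the log line points an administrator directly at the command-line choice that needs to be removed.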
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 0dad6ef..5b3c66b 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -48,7 +48,7 @@ bool_t __read_mostly iommu_snoop = 1;
bool_t __read_mostly iommu_qinval = 1;
bool_t __read_mostly iommu_intremap = 1;
bool_t __read_mostly amd_iommu_debug;
-bool_t __read_mostly amd_iommu_perdev_intremap;
+bool_t __read_mostly amd_iommu_perdev_intremap = 1;
static void __init parse_iommu_param(char *s)
{
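Review bot: With amd_iommu_perdev_intremap now initialised to 1, the existing amd-iommu-perdev-intremap option handled in parse_iommu_param() becomes a no-op, and nothing in this patch records the changed default outside the commit message (the diffstat touches three source files only). A short comment at the declaration stating that per-device is the default because of XSA-36 would keep a later cleanup from reverting it.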
@@ -78,6 +78,8 @@ static void __init parse_iommu_param(char *s)
amd_iommu_debug = 1;
else if ( !strcmp(s, "amd-iommu-perdev-intremap") )
amd_iommu_perdev_intremap = 1;
+ else if ( !strcmp(s, "amd-iommu-global-intremap") )
+ amd_iommu_perdev_intremap = 0;
else if ( !strcmp(s, "dom0-passthrough") )
iommu_passthrough = 1;
else if ( !strcmp(s, "dom0-strict") )
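Review bot: The new amd-iommu-global-intremap branch in parse_iommu_param() adds an opt-out to the mode the commit message describes as possibly insecure, yet the option is not documented anywhere in this patch. Add it to the hypervisor command-line documentation next to amd-iommu-perdev-intremap with a reference to XSA-36. It is also worth stating there that if both options are given, whichever is parsed last sets amd_iommu_perdev_intremap.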
--
1.7.2.5
Thread overview: 12+ messages
2013-02-11 13:12 [PATCH 4.0-testing 00/10] XSA-{25, 27, 33, 36}: Backports for 4.0 (for Debian update) Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 01/10] libxc: Do not use dom0 physmem as parameter to lzma decoder Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 02/10] libxc: builder: limit maximum size of kernel/ramdisk Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 03/10] hvm: Limit the size of large HVM op batches Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 04/10] x86/mm: Fix loop increment in paging_log_dirty_range() Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 05/10] VT-d: fix interrupt remapping source validation for devices behind legacy bridges Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 06/10] AMD IOMMU: Fix an interrupt remapping issue Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 07/10] ACPI: acpi_table_parse() should return handler's error code Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 08/10] AMD, IOMMU: Clean up old entries in remapping tables when creating new one Ian Campbell
2013-02-11 13:12 ` [PATCH 4.0-testing 09/10] AMD, IOMMU: Disable IOMMU if SATA Combined mode is on Ian Campbell
2013-02-11 13:12 ` Ian Campbell [this message]
2013-02-12 9:44 ` [PATCH 4.0-testing 00/10] XSA-{25, 27, 33, 36}: Backports for 4.0 (for Debian update) Jan Beulich