From: Andrew Cooper
Subject: Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
Date: Mon, 28 Apr 2014 10:34:05 +0100
Message-ID: <535E208D.2080805@citrix.com>
In-Reply-To: <535E2702020000780000CACC@nat28.tlf.novell.com>
References: <535E254A020000780000CA9A@nat28.tlf.novell.com> <535E2702020000780000CACC@nat28.tlf.novell.com>
To: Jan Beulich
Cc: xen-devel, Donald D Dugger, xiantao.zhang@intel.com

On 28/04/14 09:01, Jan Beulich wrote:
Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for consistency with the
newer workarounds) log a message here too.

Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").

This is CVE-2013-3495 / XSA-59.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

As before, this would probably be better being a conditional message.

~Andrew


--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
     }
 }
 
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- *   - Some platform escalates VT-d faults to platform errors 
- *   - This can cause system failure upon non-fatal VT-d faults
- *   - Potential security issue if malicious guest trigger VT-d faults
- */
 void pci_vtd_quirk(const struct pci_dev *pdev)
 {
     int seg = pdev->seg;
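Review bot: pci_vtd_quirk() is left with no comment at its definition once the block above it is deleted, so a reader arriving at the function no longer learns what it is for. Consider keeping a one-line summary above the function and leaving the detailed rationale with the cases it applies to.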
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev 
 
     switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
     {
+    /*
+     * Mask reporting Intel VT-d faults to IOH core logic:
+     *   - Some platform escalates VT-d faults to platform errors.
+     *   - This can cause system failure upon non-fatal VT-d faults.
+     *   - Potential security issue if malicious guest trigger VT-d faults.
+     */
+    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
     case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
     case 0x3c28: /* Sandybridge */
         val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
         pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+        printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+               seg, bus, dev, func);
         break;
 
     /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
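Review bot: the added printk() after pci_conf_write32() fires on every call for these device IDs, whether or not bit 31 of register 0x1AC was already set in `val`, so the log line cannot distinguish a mask that was newly applied from one that was already in place. Testing the bit in `val` first, and only writing and logging when it is clear, would make the message meaningful; the reply above also asks for the message to be conditional. Separately, `1 << 31` on the context line shifts into the sign bit of a signed int, and `1u << 31` avoids that; a named constant for the 0x1AC offset and the mask bit would also document what is being written.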




