# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1218011873 -3600
# Node ID dafe50692c77bec7362ee0f9ebee1d6ee417e4b4
# Parent 172fa773c5ef7bad5c46821a4859e763c1d12de9
vtd: Add 'force_iommu' option
For security reasons, add a 'force_iommu' option which ensures that it
is not possible under any conditions to boot Xen without VT-d being
enabled. This would only be specified by users who really want the
added security.
Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>
---
xen/drivers/passthrough/iommu.c | 6 ++++++
xen/drivers/passthrough/vtd/dmar.c | 25 ++++++++++++++++++++++---
xen/include/xen/iommu.h | 1 +
3 files changed, 29 insertions(+), 3 deletions(-)
diff -r 172fa773c5ef -r dafe50692c77 xen/drivers/passthrough/iommu.c
--- a/xen/drivers/passthrough/iommu.c Wed Aug 06 09:37:01 2008 +0100
+++ b/xen/drivers/passthrough/iommu.c Wed Aug 06 09:37:53 2008 +0100
@@ -30,6 +30,9 @@ int iommu_pv_enabled = 0;
int iommu_pv_enabled = 0;
boolean_param("iommu_pv", iommu_pv_enabled);
+int force_iommu = 0;
+boolean_param("force_iommu", force_iommu);
+
int iommu_domain_init(struct domain *domain)
{
struct hvm_iommu *hd = domain_hvm_iommu(domain);
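Review bot: `force_iommu` is defined without a comment, and the diffstat lists only three source files, so the new boot option appears to be documented nowhere in this commit. A one-line comment above the definition would help, for example `/* force_iommu: panic during boot rather than run without a working IOMMU. */`. It should also mention that the option sets `iommu_enabled` to 1 in acpi_dmar_init (the dmar.c part of this patch), because that interaction cannot be seen from iommu.c alone.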
@@ -215,6 +218,9 @@ static int iommu_setup(void)
iommu_enabled = (rc == 0);
out:
+ if ( force_iommu && !iommu_enabled )
+ panic("IOMMU setup failed, crash Xen for security purpose!\n");
+
if ( !iommu_enabled )
iommu_pv_enabled = 0;
printk("I/O virtualisation %sabled\n", iommu_enabled ? "en" : "dis");
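Review bot: The panic added after `out:` says only that IOMMU setup failed, so an operator whose host now refuses to boot cannot tell which step went wrong; the panics added in dmar.c have the same gap. `rc` is in scope here, so the message could carry it: `panic("IOMMU setup failed (rc %d) and force_iommu is set\n", rc);`. The start of iommu_setup is outside the hunk, so the paths that jump to `out:` are not visible; if one of them is the IOMMU having been left disabled rather than a hardware failure, "setup failed" would be misleading for that case.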
diff -r 172fa773c5ef -r dafe50692c77 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c Wed Aug 06 09:37:01 2008 +0100
+++ b/xen/drivers/passthrough/vtd/dmar.c Wed Aug 06 09:37:53 2008 +0100
@@ -427,6 +427,9 @@ static int __init acpi_parse_dmar(struct
if ( !dmar->width )
{
dprintk(XENLOG_WARNING VTDPREFIX, "Zero: Invalid DMAR width\n");
+ if ( force_iommu )
+ panic("acpi_parse_dmar: Invalid DMAR width,"
+ " crash Xen for security purpose!\n");
return -EINVAL;
}
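Review bot: This panic is needed because `return -EINVAL` leaves acpi_parse_dmar before the `if ( ret )` check guarded in the next hunk, so any other early return in the function needs the same treatment for force_iommu to fail closed. Most of the function body is outside the hunk, so it cannot be confirmed from here that this is the only one. Routing the error exits through a single label that holds one `if ( force_iommu ) panic(...)` would make the guarantee easier to audit than a panic per exit.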
@@ -468,8 +471,15 @@ static int __init acpi_parse_dmar(struct
if ( ret )
{
- printk(XENLOG_WARNING "Failed to parse ACPI DMAR. Disabling VT-d.\n");
- disable_all_dmar_units();
+ if ( force_iommu )
+ panic("acpi_parse_dmar: Failed to parse ACPI DMAR,"
+ " crash Xen for security purpose!\n");
+ else
+ {
+ printk(XENLOG_WARNING
+ "Failed to parse ACPI DMAR. Disabling VT-d.\n");
+ disable_all_dmar_units();
+ }
}
return ret;
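Review bot: The `else` branch in the `if ( ret )` block is unnecessary if panic() does not return, which the fall-through code after the other panics in this patch suggests is assumed. Keeping `if ( force_iommu ) panic(...);` on its own and leaving the original `printk(XENLOG_WARNING "Failed to parse ACPI DMAR. Disabling VT-d.\n");` and `disable_all_dmar_units();` unindented below it would avoid rewrapping the warning string and make the change shorter. Only the tail of acpi_parse_dmar is visible here.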
@@ -480,10 +490,15 @@ int acpi_dmar_init(void)
int rc;
rc = -ENODEV;
+ if ( force_iommu )
+ iommu_enabled = 1;
+
if ( !iommu_enabled )
goto fail;
- acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+ rc = acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+ if ( rc )
+ goto fail;
rc = -ENODEV;
if ( list_empty(&acpi_drhd_units) )
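Review bot: The new `rc = acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);` test catches parse errors only if acpi_table_parse returns the handler's result, which this patch does not show; if it reports only whether the table was found, a handler failure still falls through to the `list_empty(&acpi_drhd_units)` check. `rc` is overwritten with `-ENODEV` on the following line and `fail:` returns `-ENODEV` regardless, so `if ( acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar) ) goto fail;` expresses the same thing without a dead store. Separately, `if ( force_iommu ) iommu_enabled = 1;` overrides whatever value `iommu_enabled` had from inside VT-d-specific code; a comment such as `/* force_iommu overrides any request to leave the IOMMU disabled */` would mark that as intentional.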
@@ -494,6 +509,10 @@ int acpi_dmar_init(void)
return 0;
fail:
+ if ( force_iommu )
+ panic("acpi_dmar_init: acpi_dmar_init failed,"
+ " crash Xen for security purpose!\n");
+
vtd_enabled = 0;
return -ENODEV;
}
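Review bot: The message in the panic at `fail:` reads `"acpi_dmar_init: acpi_dmar_init failed,"`, which names the function twice and gives no cause. Something like `panic("acpi_dmar_init: VT-d initialisation failed and force_iommu is set\n");` would be clearer in a boot log. A short comment at the label, for example `/* with force_iommu set we never fall through to disabling VT-d */`, would also explain why `vtd_enabled = 0` follows a panic.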
diff -r 172fa773c5ef -r dafe50692c77 xen/include/xen/iommu.h
--- a/xen/include/xen/iommu.h Wed Aug 06 09:37:01 2008 +0100
+++ b/xen/include/xen/iommu.h Wed Aug 06 09:37:53 2008 +0100
@@ -30,6 +30,7 @@ extern int vtd_enabled;
extern int vtd_enabled;
extern int iommu_enabled;
extern int iommu_pv_enabled;
+extern int force_iommu;
#define domain_hvm_iommu(d) (&d->arch.hvm_domain.hvm_iommu)
#define domain_vmx_iommu(d) (&d->arch.hvm_domain.hvm_iommu.vmx_iommu)