xen-changelog

[Top] [All Lists]

[Xen-changelog] [xen-unstable] vt-d: [CVE-2011-1898] Ensure that "iommu=

from [Xen patchbot-unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] [xen-unstable] vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
From:	Xen patchbot-unstable <patchbot@xxxxxxx>
Date:	Sat, 14 May 2011 07:15:58 +0100
Delivery-date:	Fri, 13 May 2011 23:18:17 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User Keir Fraser <keir@xxxxxxx>
# Date 1305214920 -3600
# Node ID 9751bc49639ec4e34837545cdc982d0768e46d94
# Parent  cc91832a02c7cb6b09729ca8e9fc497e5cb2ba4d
vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.

Ensure that when Xen boots with "iommu=required" it will also insist
that interrupt remapping is supported and enabled.  It arranges that
booting with that option on vulnerable hardware will fail, rather than
appearing to succeed but actually being vulnerable to guests.

From: Allen Kay <allen.m.kay@xxxxxxxxx>
Signed-off-by: Keir Fraser <keir@xxxxxxx>
---


diff -r cc91832a02c7 -r 9751bc49639e xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c       Thu May 12 16:39:31 2011 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c       Thu May 12 16:42:00 2011 +0100
@@ -1971,6 +1971,8 @@
                     "ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! "
                     "Will not try to enable Interrupt Remapping.\n",
                     apic, IO_APIC_ID(apic));
+                if ( force_iommu )
+                    panic("intremap remapping failed to enable with 
iommu=required/force in grub\n");
                 break;
             }
         }
@@ -1984,6 +1986,9 @@
             {
                 dprintk(XENLOG_WARNING VTDPREFIX,
                         "Interrupt Remapping not enabled\n");
+
+                if ( force_iommu && platform_supports_intremap() )
+                    panic("intremap remapping failed to enable with 
iommu=required/force in grub\n");
                 break;
             }
         }

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] [xen-unstable] vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping., Xen patchbot-unstable <=

Previous by Date:	[Xen-changelog] [xen-unstable] x86, vtd: [CVE-2011-1898] Protect against malicious MSIs from untrusted devices., Xen patchbot-unstable
Next by Date:	[Xen-changelog] [xen-unstable] x86: Check for valid pirq values in hvm_domain_use_pirq, Xen patchbot-unstable
Previous by Thread:	[Xen-changelog] [xen-unstable] x86, vtd: [CVE-2011-1898] Protect against malicious MSIs from untrusted devices., Xen patchbot-unstable
Next by Thread:	[Xen-changelog] [xen-unstable] x86: Check for valid pirq values in hvm_domain_use_pirq, Xen patchbot-unstable
Indexes:	[Date] [Thread] [Top] [All Lists]