
Re: [Xen-devel] [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets


  • To: Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Zhang, Xiantao" <xiantao.zhang@xxxxxxxxx>
  • Date: Tue, 20 May 2014 00:47:05 +0000
  • Accept-language: en-US
  • Cc: "Dugger, Donald D" <donald.d.dugger@xxxxxxxxx>
  • Delivery-date: Tue, 20 May 2014 00:47:16 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: AQHPYrg2crsM6tm5M0qXQq/8XujT4JtIxI7w
  • Thread-topic: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

Thanks, Acked-by: Xiantao Zhang <xiantao.zhang@xxxxxxxxx>
Xiantao.

> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Monday, April 28, 2014 4:02 PM
> To: xen-devel
> Cc: Dugger, Donald D; Zhang, Xiantao
> Subject: [PATCH 2/2] VT-d: extend error report masking workaround to newer
> chipsets
> 
> Add two more PCI IDs to the set that has been taken care of with a different
> workaround long before XSA-59, and (for consistency with the newer
> workarounds) log a message here too.
> 
> Also move the function wide comment to the cases it applies to; this should
> really have been done by d061d200 ("VT-d: suppress UR signaling for server
> chipsets").
> 
> This is CVE-2013-3495 / XSA-59.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
>      }
>  }
> 
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - *   - Some platform escalates VT-d faults to platform errors
> - *   - This can cause system failure upon non-fatal VT-d faults
> - *   - Potential security issue if malicious guest trigger VT-d faults
> - */
>  void pci_vtd_quirk(const struct pci_dev *pdev)  {
>      int seg = pdev->seg;
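Review bot: With the block comment removed from above pci_vtd_quirk(), the function is left with no header comment at all. A one-line summary stating that it applies VT-d quirks selected by PCI device ID, with the details kept next to each case label, would keep the entry point self-describing.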
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
> 
>      switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
>      {
> +    /*
> +     * Mask reporting Intel VT-d faults to IOH core logic:
> +     *   - Some platform escalates VT-d faults to platform errors.
> +     *   - This can cause system failure upon non-fatal VT-d faults.
> +     *   - Potential security issue if malicious guest trigger VT-d faults.
> +     */
> +    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
>      case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> +    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
>      case 0x3c28: /* Sandybridge */
>          val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
>          pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> +        printk(XENLOG_INFO "Masked VT-d error signaling
> on %04x:%02x:%02x.%u\n",
> +               seg, bus, dev, func);
>          break;
> 
>      /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
> 
> 
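Review bot: The added printk reports "Masked VT-d error signaling" unconditionally after pci_conf_write32(), without reading offset 0x1AC back to confirm that bit 31 is actually set. Since this is the XSA-59 workaround, consider logging success only after a read-back check and emitting a warning when the bit does not stick. Separately, in the write line, (1 << 31) shifts a signed int into its sign bit; 1u << 31 avoids that, and named constants for 0x1AC and bit 31 would make the register access easier to audit.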


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

