author | Keir Fraser <keir.fraser@citrix.com> | 2008-08-06 09:37:53 +0100 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2008-08-06 09:37:53 +0100 |
commit | 3bd9f6c0a69caf3db838c37072fc4fd6b841ad4b (patch) | |
tree | 9d341eacfeb7ae862ea95b63130be84d7058034a | |
parent | 1aa11cfc4ffabcfca137ed0a0fb6f72d1614660f (diff) | |
vtd: Add 'force_iommu' option
For security reasons, add a 'force_iommu' option to ensure that it is
not possible under any conditions to boot Xen without VT-d being
enabled. This would only be specified by users who really want the
added security.
Signed-off-by: Weidong Han <weidong.han@intel.com>
-rw-r--r-- | xen/drivers/passthrough/iommu.c | 6 | ||||
-rw-r--r-- | xen/drivers/passthrough/vtd/dmar.c | 25 | ||||
-rw-r--r-- | xen/include/xen/iommu.h | 1 |
3 files changed, 29 insertions, 3 deletions
diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
index 0a3fc48da9..a522b80221 100644
--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -30,6 +30,9 @@ boolean_param("iommu", iommu_enabled);
 int iommu_pv_enabled = 0;
 boolean_param("iommu_pv", iommu_pv_enabled);
 
+int force_iommu = 0;
+boolean_param("force_iommu", force_iommu);
+
 int iommu_domain_init(struct domain *domain)
 {
     struct hvm_iommu *hd = domain_hvm_iommu(domain);
@@ -215,6 +218,9 @@ static int iommu_setup(void)
     iommu_enabled = (rc == 0);
 
 out:
+    if ( force_iommu && !iommu_enabled )
+        panic("IOMMU setup failed, crash Xen for security purpose!\n");
+
     if ( !iommu_enabled )
         iommu_pv_enabled = 0;
     printk("I/O virtualisation %sabled\n", iommu_enabled ? "en" : "dis");
diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c
index 5be3246e71..43107b3ae3 100644
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -427,6 +427,9 @@ static int __init acpi_parse_dmar(struct acpi_table_header *table)
     if ( !dmar->width )
     {
         dprintk(XENLOG_WARNING VTDPREFIX, "Zero: Invalid DMAR width\n");
+        if ( force_iommu )
+            panic("acpi_parse_dmar: Invalid DMAR width,"
+                  " crash Xen for security purpose!\n");
         return -EINVAL;
     }
 
@@ -468,8 +471,15 @@ static int __init acpi_parse_dmar(struct acpi_table_header *table)
 
     if ( ret )
     {
-        printk(XENLOG_WARNING "Failed to parse ACPI DMAR. Disabling VT-d.\n");
-        disable_all_dmar_units();
+        if ( force_iommu )
+            panic("acpi_parse_dmar: Failed to parse ACPI DMAR,"
+                  " crash Xen for security purpose!\n");
+        else
+        {
+            printk(XENLOG_WARNING
+                   "Failed to parse ACPI DMAR. Disabling VT-d.\n");
+            disable_all_dmar_units();
+        }
     }
 
     return ret;
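Review bot: The new `force_iommu` variable in the first iommu.c hunk is defined with no comment, although its whole effect is that the panic added at `out:` in iommu_setup (and the ones in dmar.c) turns an IOMMU initialisation failure into a refusal to boot; a reader of the boot parameter table has to chase the panic sites to learn that. A one-line comment above `int force_iommu = 0;` such as `/* force_iommu: panic rather than boot with the IOMMU disabled (enforced in iommu_setup and acpi_dmar_init). */` would document the contract where the option is declared. The `out:` check is the one that covers every path through iommu_setup, since `iommu_enabled = (rc == 0)` just above it is the only place in the hunk where the final status is set; the rest of iommu_setup's body is outside the hunk.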
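Review bot: The `else { ... }` wrapper in the `if ( ret )` hunk of acpi_parse_dmar is unnecessary if panic() does not return (it appears to be treated that way elsewhere in Xen, but I could not confirm its declaration from here): the original `printk` and `disable_all_dmar_units()` lines could stay untouched, with only `if ( force_iommu )` / `panic("acpi_parse_dmar: Failed to parse ACPI DMAR," " crash Xen for security purpose!\n");` inserted before them, which keeps the printk on one line and shrinks the diff from nine lines to three. That is also the shape already used in the `!dmar->width` hunk above, where the panic simply precedes `return -EINVAL`, so the two sites would read the same way. The body of acpi_parse_dmar begins and ends outside the hunk.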
@@ -480,10 +490,15 @@ int acpi_dmar_init(void)
     int rc;
 
     rc = -ENODEV;
+    if ( force_iommu )
+        iommu_enabled = 1;
+
     if ( !iommu_enabled )
         goto fail;
 
-    acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+    rc = acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+    if ( rc )
+        goto fail;
 
     rc = -ENODEV;
     if ( list_empty(&acpi_drhd_units) )
@@ -494,6 +509,10 @@ int acpi_dmar_init(void)
 
     return 0;
 fail:
+    if ( force_iommu )
+        panic("acpi_dmar_init: acpi_dmar_init failed,"
+              " crash Xen for security purpose!\n");
+
     vtd_enabled = 0;
     return -ENODEV;
 }
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 20ba06062c..71204d56de 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -30,6 +30,7 @@
 extern int vtd_enabled;
 extern int iommu_enabled;
 extern int iommu_pv_enabled;
+extern int force_iommu;
 
 #define domain_hvm_iommu(d) (&d->arch.hvm_domain.hvm_iommu)
 #define domain_vmx_iommu(d) (&d->arch.hvm_domain.hvm_iommu.vmx_iommu) |
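Review bot: `if ( force_iommu ) iommu_enabled = 1;` at the top of acpi_dmar_init silently overrides an explicit `iommu=0` on the command line, and nothing in the hunk records that precedence; add `/* force_iommu overrides iommu=0: booting without VT-d is not permitted. */` above it so the interaction between the two parameters is visible where it is decided. The panic string in the `fail:` hunk repeats the function name (`acpi_dmar_init: acpi_dmar_init failed`); `panic("acpi_dmar_init: DMAR initialisation failed," " crash Xen for security purpose!\n");` says the same thing without the duplication. Note also that with `rc = acpi_table_parse(...)` now checked, a platform with no DMAR table at all presumably lands at `fail:` and panics under force_iommu, which looks intended but is not spelled out in the commit message; the code between the two hunks is outside view.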