diff options
| author | Boris Ostrovsky <boris.ostrovsky@amd.com> | 2013-02-05 15:36:34 +0100 |
|---|---|---|
| committer | Boris Ostrovsky <boris.ostrovsky@amd.com> | 2013-02-05 15:36:34 +0100 |
| commit | 7cf945cff33f605578ebcfcc6da2712c87d7fdba (patch) | |
| tree | 206a8122c40ba815c97427eba5ef54fd8742891f | |
| parent | e73a029ad25ebc27e5b15492bbceaf7f65861618 (diff) | |
| download | xen-7cf945cff33f605578ebcfcc6da2712c87d7fdba.tar.gz xen-7cf945cff33f605578ebcfcc6da2712c87d7fdba.tar.bz2 xen-7cf945cff33f605578ebcfcc6da2712c87d7fdba.zip | |
AMD,IOMMU: Make per-device interrupt remapping table default
Using global interrupt remapping table may be insecure, as
described by XSA-36. This patch makes per-device mode default.
This is XSA-36 / CVE-2013-0153.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Moved warning in amd_iov_detect() to location covering all cases.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
xen-unstable changeset: 26519:1af531e7bc2f
xen-unstable date: Tue Feb 5 14:22:11 UTC 2013
| -rw-r--r-- | xen/arch/x86/irq.c | 3 | ||||
| -rw-r--r-- | xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 | ||||
| -rw-r--r-- | xen/drivers/passthrough/iommu.c | 4 |
3 files changed, 5 insertions, 4 deletions
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 5afa90b02e..3f6b6a72d5 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1677,9 +1677,6 @@ int map_domain_pirq( d->arch.pirq_irq[pirq] = irq; d->arch.irq_pirq[irq] = pirq; spin_unlock_irqrestore(&desc->lock, flags); - - if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) - printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); } done: diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 676b8333d5..ccb39eae3b 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -195,6 +195,8 @@ int __init amd_iov_detect(void) { printk("AMD-Vi: Not overriding irq_vector_map setting\n"); } + if ( !amd_iommu_perdev_intremap ) + printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); return scan_pci_devices(); } diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 9ac0d4e081..456014af95 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -49,7 +49,7 @@ bool_t __read_mostly iommu_qinval = 1; bool_t __read_mostly iommu_intremap = 1; bool_t __read_mostly iommu_hap_pt_share; bool_t __read_mostly amd_iommu_debug; -bool_t __read_mostly amd_iommu_perdev_intremap; +bool_t __read_mostly amd_iommu_perdev_intremap = 1; static void __init parse_iommu_param(char *s) { @@ -78,6 +78,8 @@ static void __init parse_iommu_param(char *s) amd_iommu_debug = 1; else if ( !strcmp(s, "amd-iommu-perdev-intremap") ) amd_iommu_perdev_intremap = 1; + else if ( !strcmp(s, "amd-iommu-global-intremap") ) + amd_iommu_perdev_intremap = 0; else if ( !strcmp(s, "dom0-passthrough") ) iommu_passthrough = 1; else if ( !strcmp(s, "dom0-strict") ) |