diff options
| author | Boris Ostrovsky <boris.ostrovsky@amd.com> | 2013-02-05 15:22:11 +0100 |
|---|---|---|
| committer | Boris Ostrovsky <boris.ostrovsky@amd.com> | 2013-02-05 15:22:11 +0100 |
| commit | 668635a35e65e9d98618ea0225f56893dde9b6e1 (patch) | |
| tree | 52dad9e46933e27862cab9143418309661922795 | |
| parent | 2175710e8eee2db19c2653f4f748af15cbfcdcd7 (diff) | |
| download | xen-668635a35e65e9d98618ea0225f56893dde9b6e1.tar.gz xen-668635a35e65e9d98618ea0225f56893dde9b6e1.tar.bz2 xen-668635a35e65e9d98618ea0225f56893dde9b6e1.zip | |
AMD,IOMMU: Make per-device interrupt remapping table default
Using global interrupt remapping table may be insecure, as
described by XSA-36. This patch makes per-device mode default.
This is XSA-36 / CVE-2013-0153.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Moved warning in amd_iov_detect() to location covering all cases.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
| -rw-r--r-- | xen/arch/x86/irq.c | 3 | ||||
| -rw-r--r-- | xen/drivers/passthrough/amd/pci_amd_iommu.c | 2 | ||||
| -rw-r--r-- | xen/drivers/passthrough/iommu.c | 2 |
3 files changed, 3 insertions, 4 deletions
diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c index 068c5a0228..b98deb58f6 100644 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1942,9 +1942,6 @@ int map_domain_pirq( spin_lock_irqsave(&desc->lock, flags); set_domain_irq_pirq(d, irq, info); spin_unlock_irqrestore(&desc->lock, flags); - - if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) - printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); } done: diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c b/xen/drivers/passthrough/amd/pci_amd_iommu.c index 79699d3582..edf1b9f1f3 100644 --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -208,6 +208,8 @@ int __init amd_iov_detect(void) { printk("AMD-Vi: Not overriding irq_vector_map setting\n"); } + if ( !amd_iommu_perdev_intremap ) + printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); return scan_pci_devices(); } diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c index 527e6e9751..69c3552309 100644 --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -53,7 +53,7 @@ bool_t __read_mostly iommu_qinval = 1; bool_t __read_mostly iommu_intremap = 1; bool_t __read_mostly iommu_hap_pt_share = 1; bool_t __read_mostly iommu_debug; -bool_t __read_mostly amd_iommu_perdev_intremap; +bool_t __read_mostly amd_iommu_perdev_intremap = 1; DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); |