diff options
author | Jan Beulich <jbeulich@suse.com> | 2012-08-20 08:46:47 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2012-08-20 08:46:47 +0200 |
commit | 0c7a69665110b2b35719f7c739aadab56eee84cb (patch) | |
tree | c4e4c825dad54ac4e0bb2320d5c38a11e8052b8c /xen/arch/x86/domain.c | |
parent | 798f90e005767407a97f68cf5b95168fb44a46b4 (diff) | |
download | xen-0c7a69665110b2b35719f7c739aadab56eee84cb.tar.gz xen-0c7a69665110b2b35719f7c739aadab56eee84cb.tar.bz2 xen-0c7a69665110b2b35719f7c739aadab56eee84cb.zip |
x86-64: refine the XSA-9 fix
Our product management wasn't happy with the "solution" for XSA-9, and
demanded that customer systems must continue to boot. Rather than
having our and perhaps other distros carry non-trivial patches, allow
for more fine grained control (panic on boot, deny guest creation, or
merely warn) by means of a single line change.
Also, as this was found to be a problem with remotely managed systems,
don't default to boot denial (just deny guest creation).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/arch/x86/domain.c')
-rw-r--r-- | xen/arch/x86/domain.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 5bba4b9f5c..831cfa8ca1 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -55,6 +55,7 @@ #include <asm/traps.h> #include <asm/nmi.h> #include <asm/mce.h> +#include <asm/amd.h> #include <xen/numa.h> #include <xen/iommu.h> #ifdef CONFIG_COMPAT @@ -531,6 +532,20 @@ int arch_domain_create(struct domain *d, unsigned int domcr_flags) #else /* __x86_64__ */ + if ( d->domain_id && !is_idle_domain(d) && + cpu_has_amd_erratum(&boot_cpu_data, AMD_ERRATUM_121) ) + { + if ( !opt_allow_unsafe ) + { + printk(XENLOG_G_ERR "Xen does not allow DomU creation on this CPU" + " for security reasons.\n"); + return -EPERM; + } + printk(XENLOG_G_WARNING + "Dom%d may compromise security on this CPU.\n", + d->domain_id); + } + BUILD_BUG_ON(PDPT_L2_ENTRIES * sizeof(*d->arch.mm_perdomain_pt_pages) != PAGE_SIZE); pg = alloc_domheap_page(NULL, MEMF_node(domain_to_node(d))); |