[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
# HG changeset patch # User Keir Fraser <keir@xxxxxxx> # Date 1305214920 -3600 # Node ID 9751bc49639ec4e34837545cdc982d0768e46d94 # Parent cc91832a02c7cb6b09729ca8e9fc497e5cb2ba4d vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping. Ensure that when Xen boots with "iommu=required" it will also insist that interrupt remapping is supported and enabled. It arranges that booting with that option on vulnerable hardware will fail, rather than appearing to succeed but actually being vulnerable to guests. From: Allen Kay <allen.m.kay@xxxxxxxxx> Signed-off-by: Keir Fraser <keir@xxxxxxx> --- diff -r cc91832a02c7 -r 9751bc49639e xen/drivers/passthrough/vtd/iommu.c --- a/xen/drivers/passthrough/vtd/iommu.c Thu May 12 16:39:31 2011 +0100 +++ b/xen/drivers/passthrough/vtd/iommu.c Thu May 12 16:42:00 2011 +0100 @@ -1971,6 +1971,8 @@ "ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! " "Will not try to enable Interrupt Remapping.\n", apic, IO_APIC_ID(apic)); + if ( force_iommu ) + panic("intremap remapping failed to enable with iommu=required/force in grub\n"); break; } } @@ -1984,6 +1986,9 @@ { dprintk(XENLOG_WARNING VTDPREFIX, "Interrupt Remapping not enabled\n"); + + if ( force_iommu && platform_supports_intremap() ) + panic("intremap remapping failed to enable with iommu=required/force in grub\n"); break; } } _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |