|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
# HG changeset patch
# User Keir Fraser <keir@xxxxxxx>
# Date 1305214920 -3600
# Node ID 9751bc49639ec4e34837545cdc982d0768e46d94
# Parent cc91832a02c7cb6b09729ca8e9fc497e5cb2ba4d
vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
Ensure that when Xen boots with "iommu=required" it will also insist
that interrupt remapping is supported and enabled. It arranges that
booting with that option on vulnerable hardware will fail, rather than
appearing to succeed but actually being vulnerable to guests.
From: Allen Kay <allen.m.kay@xxxxxxxxx>
Signed-off-by: Keir Fraser <keir@xxxxxxx>
---
diff -r cc91832a02c7 -r 9751bc49639e xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c Thu May 12 16:39:31 2011 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c Thu May 12 16:42:00 2011 +0100
@@ -1971,6 +1971,8 @@
"ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! "
"Will not try to enable Interrupt Remapping.\n",
apic, IO_APIC_ID(apic));
+ if ( force_iommu )
+ panic("intremap remapping failed to enable with
iommu=required/force in grub\n");
break;
}
}
@@ -1984,6 +1986,9 @@
{
dprintk(XENLOG_WARNING VTDPREFIX,
"Interrupt Remapping not enabled\n");
+
+ if ( force_iommu && platform_supports_intremap() )
+ panic("intremap remapping failed to enable with
iommu=required/force in grub\n");
break;
}
}
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |