[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.2] AMD/intremap: Prevent use of per-device vector maps until irq logic is fixed



commit 8109c123702e2387b0781f3feaa4b53744464009
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Jul 11 14:18:57 2013 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 11 14:18:57 2013 +0200

    AMD/intremap: Prevent use of per-device vector maps until irq logic is fixed
    
    XSA-36 changed the default vector map mode from global to per-device.  This 
is
    because a global vector map does not prevent one PCI device from 
impersonating
    another and launching a DoS on the system.
    
    However, the per-device vector map logic is broken for devices with multiple
    MSI-X vectors, which can either result in a failed ASSERT() or 
misprogramming
    of a guests interrupt remapping tables.  The core problem is not trivial to
    fix.
    
    In an effort to get AMD systems back to a non-regressed state, introduce a 
new
    type of vector map called per-device-global.  This uses per-device vector 
maps
    in the IOMMU, but uses a single used_vector map for the core IRQ logic.
    
    This patch is intended to be removed as soon as the per-device logic is 
fixed
    correctly.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
    master commit: f0fe8227624d5c02715ed086867d12cd24f6ff47
    master date: 2013-06-27 14:01:18 +0200
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |   19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c 
b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 281a52b..c3cbf88 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -192,8 +192,19 @@ int __init amd_iov_detect(void)
     {
         if ( amd_iommu_perdev_intremap )
         {
-            printk("AMD-Vi: Enabling per-device vector maps\n");
-            opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_PERDEV;
+            /* Per-device vector map logic is broken for devices with multiple
+             * MSI-X interrupts (and would also be for multiple MSI, if Xen
+             * supported it).
+             *
+             * Until this is fixed, use global vector tables as far as the irq
+             * logic is concerned to avoid the buggy behaviour of per-device
+             * maps in map_domain_pirq(), and use per-device tables as far as
+             * intremap code is concerned to avoid the security issue.
+             */
+            printk(XENLOG_WARNING "AMD-Vi: per-device vector map logic is 
broken.  "
+                   "Using per-device-global maps instead until a fix is 
found.\n");
+
+            opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_GLOBAL;
         }
         else
         {
@@ -204,6 +215,10 @@ int __init amd_iov_detect(void)
     else
     {
         printk("AMD-Vi: Not overriding irq_vector_map setting\n");
+
+        if ( opt_irq_vector_map != OPT_IRQ_VECTOR_MAP_GLOBAL )
+            printk(XENLOG_WARNING "AMD-Vi: per-device vector map logic is 
broken.  "
+                   "Use irq_vector_map=global to work around.\n");
     }
     if ( !amd_iommu_perdev_intremap )
         printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is 
not recommended (see XSA-36)!\n");
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.