[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] VT-d: apply quirks at device setup time rather than only at boot



commit fe4e35806799348284c92eb3599df3146bca07b5
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri May 23 15:18:44 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri May 23 15:18:44 2014 +0200

    VT-d: apply quirks at device setup time rather than only at boot
    
    Accessing extended config space may not be possible at boot time, e.g.
    when the memory space used by MMCFG is reserved only via ACPI tables,
    but not in the E820/UEFI memory maps (which we need Dom0 to tell us
    about). Consequently the change here still leaves the issue unaddressed
    for systems where the extended config space remains inaccessible (due
    to firmware bugs, i.e. not properly reserving the address space of
    those regions).
    
    With the respective messages now potentially getting logged more than
    once, we ought to consider whether we should issue them only if we in
    fact were required to do any masking (i.e. if the relevant mask bits
    weren't already set).
    
    This is CVE-2013-3495 / XSA-59.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Xiantao Zhang <xiantao.zhang@xxxxxxxxx>
    Acked-by: Yang Zhang <yang.z.zhang@xxxxxxxxx>
    master commit: 5786718fbaafbe47d72cc1512cd93de79b8fc2fa
    master date: 2014-05-20 15:53:20 +0200
---
 xen/drivers/passthrough/vtd/extern.h |    2 +-
 xen/drivers/passthrough/vtd/iommu.c  |   12 ++++++------
 xen/drivers/passthrough/vtd/quirks.c |    2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/xen/drivers/passthrough/vtd/extern.h 
b/xen/drivers/passthrough/vtd/extern.h
index 14cd90e..afe7faf 100644
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -99,7 +99,7 @@ void platform_quirks_init(void);
 void vtd_ops_preamble_quirk(struct iommu* iommu);
 void vtd_ops_postamble_quirk(struct iommu* iommu);
 void me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map);
-void pci_vtd_quirk(struct pci_dev *pdev);
+void pci_vtd_quirk(const struct pci_dev *);
 int platform_supports_intremap(void);
 int platform_supports_x2apic(void);
 
diff --git a/xen/drivers/passthrough/vtd/iommu.c 
b/xen/drivers/passthrough/vtd/iommu.c
index 3cce78c..c9f779f 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1483,6 +1483,9 @@ static int domain_context_mapping(
         break;
     }
 
+    if ( !ret && devfn == pdev->devfn )
+        pci_vtd_quirk(pdev);
+
     return ret;
 }
 
@@ -1922,6 +1925,8 @@ static int intel_iommu_enable_device(struct pci_dev *pdev)
     struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
     int ret = drhd ? ats_device(pdev, drhd) : -ENODEV;
 
+    pci_vtd_quirk(pdev);
+
     if ( ret <= 0 )
         return ret;
 
@@ -1993,12 +1998,7 @@ static int intel_iommu_remove_device(u8 devfn, struct 
pci_dev *pdev)
 
 static int __init setup_dom0_device(u8 devfn, struct pci_dev *pdev)
 {
-    int err;
-
-    err = domain_context_mapping(pdev->domain, devfn, pdev);
-    if ( !err && devfn == pdev->devfn )
-        pci_vtd_quirk(pdev);
-    return err;
+    return domain_context_mapping(pdev->domain, devfn, pdev);
 }
 
 void clear_fault_bits(struct iommu *iommu)
diff --git a/xen/drivers/passthrough/vtd/quirks.c 
b/xen/drivers/passthrough/vtd/quirks.c
index 2bbcc21..7cbe0ad 100644
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -385,7 +385,7 @@ void me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, 
int map)
  *   - This can cause system failure upon non-fatal VT-d faults
  *   - Potential security issue if malicious guest trigger VT-d faults
  */
-void __init pci_vtd_quirk(struct pci_dev *pdev)
+void pci_vtd_quirk(const struct pci_dev *pdev)
 {
     int seg = pdev->seg;
     int bus = pdev->bus;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.