[Xen-changelog] [xen stable-4.1] AMD/intremap: Prevent use of per-device vector maps until irq logic is fixed

[patchbot@xxxxxxx]

commit 7f6ed24eb4b4b0ab29152bd7a315e5825c7ff791
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Jul 11 15:08:14 2013 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 11 15:08:14 2013 +0200

    AMD/intremap: Prevent use of per-device vector maps until irq logic is fixed
    
    XSA-36 changed the default vector map mode from global to per-device.  This 
is
    because a global vector map does not prevent one PCI device from 
impersonating
    another and launching a DoS on the system.
    
    However, the per-device vector map logic is broken for devices with multiple
    MSI-X vectors, which can either result in a failed ASSERT() or 
misprogramming
    of a guests interrupt remapping tables.  The core problem is not trivial to
    fix.
    
    In an effort to get AMD systems back to a non-regressed state, introduce a 
new
    type of vector map called per-device-global.  This uses per-device vector 
maps
    in the IOMMU, but uses a single used_vector map for the core IRQ logic.
    
    This patch is intended to be removed as soon as the per-device logic is 
fixed
    correctly.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
    master commit: f0fe8227624d5c02715ed086867d12cd24f6ff47
    master date: 2013-06-27 14:01:18 +0200
---
 xen/drivers/passthrough/amd/pci_amd_iommu.c |   19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/passthrough/amd/pci_amd_iommu.c 
b/xen/drivers/passthrough/amd/pci_amd_iommu.c
index 43175cd..7251796 100644
--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
@@ -182,8 +182,19 @@ int __init amd_iov_detect(void)
     {
         if ( amd_iommu_perdev_intremap )
         {
-            printk("AMD-Vi: Enabling per-device vector maps\n");
-            opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_PERDEV;
+            /* Per-device vector map logic is broken for devices with multiple
+             * MSI-X interrupts (and would also be for multiple MSI, if Xen
+             * supported it).
+             *
+             * Until this is fixed, use global vector tables as far as the irq
+             * logic is concerned to avoid the buggy behaviour of per-device
+             * maps in map_domain_pirq(), and use per-device tables as far as
+             * intremap code is concerned to avoid the security issue.
+             */
+            printk(XENLOG_WARNING "AMD-Vi: per-device vector map logic is 
broken.  "
+                   "Using per-device-global maps instead until a fix is 
found.\n");
+
+            opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_GLOBAL;
         }
         else
         {
@@ -194,6 +205,10 @@ int __init amd_iov_detect(void)
     else
     {
         printk("AMD-Vi: Not overriding irq_vector_map setting\n");
+
+        if ( opt_irq_vector_map != OPT_IRQ_VECTOR_MAP_GLOBAL )
+            printk(XENLOG_WARNING "AMD-Vi: per-device vector map logic is 
broken.  "
+                   "Use irq_vector_map=global to work around.\n");
     }
     if ( !amd_iommu_perdev_intremap )
         printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is 
not recommended (see XSA-36)!\n");
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.1

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog