VT-d: warn about Compatibility Format Interrupts being enabled by firmware ... as being insecure. Signed-off-by: Jan Beulich --- a/xen/drivers/passthrough/vtd/intremap.c +++ b/xen/drivers/passthrough/vtd/intremap.c @@ -712,8 +712,8 @@ int enable_intremap(struct iommu *iommu, if ( !platform_supports_intremap() ) { - dprintk(XENLOG_ERR VTDPREFIX, - "Platform firmware does not support interrupt remapping\n"); + printk(XENLOG_ERR VTDPREFIX + " Platform firmware does not support interrupt remapping\n"); return -EINVAL; } @@ -724,15 +724,19 @@ int enable_intremap(struct iommu *iommu, if ( (sts & DMA_GSTS_IRES) && ir_ctrl->iremap_maddr ) return 0; - sts = dmar_readl(iommu->reg, DMAR_GSTS_REG); if ( !(sts & DMA_GSTS_QIES) ) { - dprintk(XENLOG_ERR VTDPREFIX, - "Queued invalidation is not enabled, should not enable " - "interrupt remapping\n"); + printk(XENLOG_ERR VTDPREFIX + " Queued invalidation is not enabled on IOMMU #%u:" + " Should not enable interrupt remapping\n", iommu->index); return -EINVAL; } + if ( !eim && (sts & DMA_GSTS_CFIS) ) + printk(XENLOG_WARNING VTDPREFIX + " Compatibility Format Interrupts permitted on IOMMU #%u:" + " Device pass-through will be insecure\n", iommu->index); + if ( ir_ctrl->iremap_maddr == 0 ) { drhd = iommu_to_drhd(iommu);