[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RFC 5/7] x86/iommu: the code addressing CVE-2011-1898 is VT-d specific

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
Date: Mon, 19 Dec 2022 08:34:54 +0200
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
Delivery-date: Mon, 19 Dec 2022 06:35:33 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The variable untrusted_msi indicates whether the system is vulnerable to
CVE-2011-1898. This vulnerablity is VT-d specific.
Place the code that addresses the issue under CONFIG_INTEL_VTD.

No functional change intended.

Signed-off-by: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>
---
 xen/arch/x86/include/asm/iommu.h | 2 ++
 xen/arch/x86/pv/hypercall.c      | 2 ++
 xen/arch/x86/x86_64/entry.S      | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/xen/arch/x86/include/asm/iommu.h b/xen/arch/x86/include/asm/iommu.h
index fc0afe35bf..41bd1b9e05 100644
--- a/xen/arch/x86/include/asm/iommu.h
+++ b/xen/arch/x86/include/asm/iommu.h
@@ -127,7 +127,9 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t 
p2ma,
                            unsigned int flag);
 void iommu_identity_map_teardown(struct domain *d);
 
+#ifdef CONFIG_INTEL_VTD
 extern bool untrusted_msi;
+#endif
 
 int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
                    const uint8_t gvec);
diff --git a/xen/arch/x86/pv/hypercall.c b/xen/arch/x86/pv/hypercall.c
index 2eedfbfae8..0e1b03904c 100644
--- a/xen/arch/x86/pv/hypercall.c
+++ b/xen/arch/x86/pv/hypercall.c
@@ -193,8 +193,10 @@ void pv_ring1_init_hypercall_page(void *p)
 
 void do_entry_int82(struct cpu_user_regs *regs)
 {
+#ifdef CONFIG_INTEL_VTD
     if ( unlikely(untrusted_msi) )
         check_for_unexpected_msi((uint8_t)regs->entry_vector);
+#endif
 
     _pv_hypercall(regs, true /* compat */);
 }
diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index ae01285181..2e06c0a6c1 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -406,11 +406,13 @@ ENTRY(int80_direct_trap)
 .Lint80_cr3_okay:
         sti
 
+#ifdef CONFIG_INTEL_VTD
         cmpb  $0,untrusted_msi(%rip)
 UNLIKELY_START(ne, msi_check)
         movl  $0x80,%edi
         call  check_for_unexpected_msi
 UNLIKELY_END(msi_check)
+#endif
 
         movq  STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx
 
-- 
2.37.2

Follow-Ups:
- Re: [RFC 5/7] x86/iommu: the code addressing CVE-2011-1898 is VT-d specific
  - From: Andrew Cooper

References:
- [RFC 0/7] Proposal to make x86 IOMMU driver support configurable
  - From: Xenia Ragiadakou

Prev by Date: [RFC 4/7] x86/acpi: separate AMD-Vi and VT-d specific functions
Next by Date: [RFC 6/7] x86/iommu: call pi_update_irte through an hvm_function callback
Previous by thread: Re: [RFC 4/7] x86/acpi: separate AMD-Vi and VT-d specific functions
Next by thread: Re: [RFC 5/7] x86/iommu: the code addressing CVE-2011-1898 is VT-d specific
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.