xen/537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch

# Commit 04734664eb20c3bf239e473af182bb7ab901d779
# Date 2014-05-20 15:54:01 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VT-d: extend error report masking workaround to newer chipsets

Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for constency with the
newer workarounds) log a message here too.

Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").

This is CVE-2013-3495 / XSA-59.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
Acked-by: Yang Zhang <yang.z.zhang@intel.com>

--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
     }
 }
 
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- *   - Some platform escalates VT-d faults to platform errors 
- *   - This can cause system failure upon non-fatal VT-d faults
- *   - Potential security issue if malicious guest trigger VT-d faults
- */
 void pci_vtd_quirk(const struct pci_dev *pdev)
 {
     int seg = pdev->seg;
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev 
 
     switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
     {
+    /*
+     * Mask reporting Intel VT-d faults to IOH core logic:
+     *   - Some platform escalates VT-d faults to platform errors.
+     *   - This can cause system failure upon non-fatal VT-d faults.
+     *   - Potential security issue if malicious guest trigger VT-d faults.
+     */
+    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
     case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
     case 0x3c28: /* Sandybridge */
         val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
         pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+        printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+               seg, bus, dev, func);
         break;
 
     /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
- bnc#879425: handle cache=unsafe from libvirt to disable flush in qdisk libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch qemu-xen-upstream-qdisk-cache-unsafe.patch - libxl: introduce an option for disabling the non-O_DIRECT workaround recognize direct-io-safe in domU.cfg diskspec libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch - fate#316071: add discard support for file backed storage (qdisk) update patch to allow more values in overloaded ->readwrite member - bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts 537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch 537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch - Upstream patches from Jan 53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch 53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch 537b5ede-move-domain-to-cpupool0-before-destroying-it.patch - Update README.SuSE with information on the toolstack change - fate#316071: add discard support for file backed storage (qdisk) update to recognize option discard/no-discard instead of discard=0,1 to match upstream change OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=316 2014-05-30 00:55:47 +02:00			`# Commit 04734664eb20c3bf239e473af182bb7ab901d779`
			`# Date 2014-05-20 15:54:01 +0200`
			`# Author Jan Beulich <jbeulich@suse.com>`
			`# Committer Jan Beulich <jbeulich@suse.com>`
			`VT-d: extend error report masking workaround to newer chipsets`

			`Add two more PCI IDs to the set that has been taken care of with a`
			`different workaround long before XSA-59, and (for constency with the`
			`newer workarounds) log a message here too.`

			`Also move the function wide comment to the cases it applies to; this`
			`should really have been done by d061d200 ("VT-d: suppress UR signaling`
			`for server chipsets").`

			`This is CVE-2013-3495 / XSA-59.`

			`Signed-off-by: Jan Beulich <jbeulich@suse.com>`
			`Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>`
			`Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>`
			`Acked-by: Yang Zhang <yang.z.zhang@intel.com>`

			`--- a/xen/drivers/passthrough/vtd/quirks.c`
			`+++ b/xen/drivers/passthrough/vtd/quirks.c`
			`@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain`
			`}`
			`}`

			`-/*`
			`- * Mask reporting Intel VT-d faults to IOH core logic:`
			`- * - Some platform escalates VT-d faults to platform errors`
			`- * - This can cause system failure upon non-fatal VT-d faults`
			`- * - Potential security issue if malicious guest trigger VT-d faults`
			`- */`
			`void pci_vtd_quirk(const struct pci_dev *pdev)`
			`{`
			`int seg = pdev->seg;`
			`@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev`

			`switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )`
			`{`
			`+ /*`
			`+ * Mask reporting Intel VT-d faults to IOH core logic:`
			`+ * - Some platform escalates VT-d faults to platform errors.`
			`+ * - This can cause system failure upon non-fatal VT-d faults.`
			`+ * - Potential security issue if malicious guest trigger VT-d faults.`
			`+ */`
			`+ case 0x0e28: /* Xeon-E5v2 (IvyBridge) */`
			`case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */`
			`+ case 0x3728: /* Xeon C5500/C3500 (JasperForest) */`
			`case 0x3c28: /* Sandybridge */`
			`val = pci_conf_read32(seg, bus, dev, func, 0x1AC);`
			`pci_conf_write32(seg, bus, dev, func, 0x1AC, val \| (1 << 31));`
			`+ printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",`
			`+ seg, bus, dev, func);`
			`break;`

			`/* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */`