# HG changeset patch
# User Keir Fraser <keir@xen.org>
# Date 1305214920 -3600
# Node ID 9751bc49639ec4e34837545cdc982d0768e46d94
# Parent  cc91832a02c7cb6b09729ca8e9fc497e5cb2ba4d
vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.

Ensure that when Xen boots with "iommu=required" it will also insist
that interrupt remapping is supported and enabled.  It arranges that
booting with that option on vulnerable hardware will fail, rather than
appearing to succeed but actually being vulnerable to guests.

From: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>

Index: xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c
===================================================================
--- xen-4.1.1-testing.orig/xen/drivers/passthrough/vtd/iommu.c
+++ xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c
@@ -1985,6 +1985,8 @@ static int init_vtd_hw(void)
                     "ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! "
                     "Will not try to enable Interrupt Remapping.\n",
                     apic, IO_APIC_ID(apic));
+                if ( force_iommu )
+                    panic("intremap remapping failed to enable with iommu=required/force in grub\n");
                 break;
             }
         }
@@ -1999,6 +2001,9 @@ static int init_vtd_hw(void)
                 iommu_intremap = 0;
                 dprintk(XENLOG_WARNING VTDPREFIX,
                         "Interrupt Remapping not enabled\n");
+
+                if ( force_iommu && platform_supports_intremap() )
+                    panic("intremap remapping failed to enable with iommu=required/force in grub\n");
                 break;
             }
         }