c27ed3a4ef
more alternative xend-domain-lock-sfex.patch - fate#311371 - Enhance yast to configure live migration for Xen and KVM add firewall service file for xen-tools - Add man page for xen-list utility updated xen-utils-0.1.tar.bz2 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=126
39 lines
1.7 KiB
Diff
39 lines
1.7 KiB
Diff
# HG changeset patch
|
|
# User Keir Fraser <keir@xen.org>
|
|
# Date 1305214920 -3600
|
|
# Node ID 9751bc49639ec4e34837545cdc982d0768e46d94
|
|
# Parent cc91832a02c7cb6b09729ca8e9fc497e5cb2ba4d
|
|
vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
|
|
|
|
Ensure that when Xen boots with "iommu=required" it will also insist
|
|
that interrupt remapping is supported and enabled. It arranges that
|
|
booting with that option on vulnerable hardware will fail, rather than
|
|
appearing to succeed but actually being vulnerable to guests.
|
|
|
|
From: Allen Kay <allen.m.kay@intel.com>
|
|
Signed-off-by: Keir Fraser <keir@xen.org>
|
|
|
|
Index: xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c
|
|
===================================================================
|
|
--- xen-4.1.1-testing.orig/xen/drivers/passthrough/vtd/iommu.c
|
|
+++ xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c
|
|
@@ -1985,6 +1985,8 @@ static int init_vtd_hw(void)
|
|
"ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! "
|
|
"Will not try to enable Interrupt Remapping.\n",
|
|
apic, IO_APIC_ID(apic));
|
|
+ if ( force_iommu )
|
|
+ panic("intremap remapping failed to enable with iommu=required/force in grub\n");
|
|
break;
|
|
}
|
|
}
|
|
@@ -1999,6 +2001,9 @@ static int init_vtd_hw(void)
|
|
iommu_intremap = 0;
|
|
dprintk(XENLOG_WARNING VTDPREFIX,
|
|
"Interrupt Remapping not enabled\n");
|
|
+
|
|
+ if ( force_iommu && platform_supports_intremap() )
|
|
+ panic("intremap remapping failed to enable with iommu=required/force in grub\n");
|
|
break;
|
|
}
|
|
}
|