xen/537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch
Charles Arnold fb53ca5547 - bnc#879425: handle cache=unsafe from libvirt to disable flush in qdisk
  libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
  qemu-xen-upstream-qdisk-cache-unsafe.patch

- libxl: introduce an option for disabling the non-O_DIRECT workaround
  recognize direct-io-safe in domU.cfg diskspec
  libxl.introduce-an-option-to-disable-the-non-O_DIRECT-workaround.patch
  

- fate#316071: add discard support for file backed storage (qdisk)
  update patch to allow more values in overloaded ->readwrite member

- bnc#826717 - VUL-0: CVE-2013-3495: XSA-59: xen: Intel VT-d
  Interrupt Remapping engines can be evaded by native NMI interrupts 
  537b5e50-VT-d-apply-quirks-at-device-setup-time-rather-than-only-at-boot.patch
  537b5e79-VT-d-extend-error-report-masking-workaround-to-newer-chipsets.patch
- Upstream patches from Jan
  53709b77-Nested-VMX-load-current_vmcs-only-when-it-exists.patch
  53732f4f-x86-MCE-bypass-uninitialized-vcpu-in-vMCE-injection.patch
  537b5ede-move-domain-to-cpupool0-before-destroying-it.patch

- Update README.SuSE with information on the toolstack change

- fate#316071: add discard support for file backed storage (qdisk)
  update to recognize option discard/no-discard instead of discard=0,1
  to match upstream change

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=316
2014-05-29 22:55:47 +00:00

# Commit 5786718fbaafbe47d72cc1512cd93de79b8fc2fa
# Date 2014-05-20 15:53:20 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VT-d: apply quirks at device setup time rather than only at boot
Accessing extended config space may not be possible at boot time, e.g.
when the memory space used by MMCFG is reserved only via ACPI tables,
but not in the E820/UEFI memory maps (which we need Dom0 to tell us
about). Consequently the change here still leaves the issue unaddressed
for systems where the extended config space remains inaccessible (due
to firmware bugs, i.e. not properly reserving the address space of
those regions).
With the respective messages now potentially getting logged more than
once, we ought to consider whether we should issue them only if we in
fact were required to do any masking (i.e. if the relevant mask bits
weren't already set).
This is CVE-2013-3495 / XSA-59.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
Acked-by: Yang Zhang <yang.z.zhang@intel.com>
--- a/xen/drivers/passthrough/vtd/extern.h
+++ b/xen/drivers/passthrough/vtd/extern.h
@@ -99,7 +99,7 @@ void platform_quirks_init(void);
void vtd_ops_preamble_quirk(struct iommu* iommu);
void vtd_ops_postamble_quirk(struct iommu* iommu);
void me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map);
-void pci_vtd_quirk(struct pci_dev *pdev);
+void pci_vtd_quirk(const struct pci_dev *);
int platform_supports_intremap(void);
int platform_supports_x2apic(void);
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1483,6 +1483,9 @@ static int domain_context_mapping(
break;
}
+ if ( !ret && devfn == pdev->devfn )
+ pci_vtd_quirk(pdev);
+
return ret;
}
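Review bot: The call added before `return ret;`, `if ( !ret && devfn == pdev->devfn ) pci_vtd_quirk(pdev);`, now runs on every successful context mapping of the device rather than once at boot, so the quirk's messages can be logged repeatedly for the same device, as the commit message itself acknowledges. Consider having pci_vtd_quirk report only when it actually had to set a mask bit. Because pci_vtd_quirk returns void, domain_context_mapping also cannot tell whether the masking took effect on the systems the commit message describes, where extended config space stays inaccessible; a comment at this call site stating that the mapping proceeds regardless would make that explicit.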
@@ -1922,6 +1925,8 @@ static int intel_iommu_enable_device(str
struct acpi_drhd_unit *drhd = acpi_find_matched_drhd_unit(pdev);
int ret = drhd ? ats_device(pdev, drhd) : -ENODEV;
+ pci_vtd_quirk(pdev);
+
if ( ret <= 0 )
return ret;
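Review bot: In intel_iommu_enable_device the new `pci_vtd_quirk(pdev);` sits ahead of the `if ( ret <= 0 )` check, so it runs even when no DRHD unit matched (ret is -ENODEV) or ats_device() returned an error, whereas the call added to domain_context_mapping is guarded by `!ret && devfn == pdev->devfn`. If applying the quirk regardless of the ATS result is intended, a one-line comment saying so would help; otherwise guard this call consistently with the other site.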
@@ -1993,12 +1998,7 @@ static int intel_iommu_remove_device(u8
static int __init setup_dom0_device(u8 devfn, struct pci_dev *pdev)
{
- int err;
-
- err = domain_context_mapping(pdev->domain, devfn, pdev);
- if ( !err && devfn == pdev->devfn )
- pci_vtd_quirk(pdev);
- return err;
+ return domain_context_mapping(pdev->domain, devfn, pdev);
}
void clear_fault_bits(struct iommu *iommu)
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -385,7 +385,7 @@ void me_wifi_quirk(struct domain *domain
* - This can cause system failure upon non-fatal VT-d faults
* - Potential security issue if malicious guest trigger VT-d faults
*/
-void __init pci_vtd_quirk(struct pci_dev *pdev)
+void pci_vtd_quirk(const struct pci_dev *pdev)
{
int seg = pdev->seg;
int bus = pdev->bus;
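Review bot: Dropping `__init` from pci_vtd_quirk is required now that iommu.c calls it after boot, but the function body lies outside this hunk, so please confirm it references no `__init` helpers or `__initdata` objects, since those sections are freed once boot completes. The header comment above the function still describes only the erratum; a line noting that the function is now invoked at device setup time, possibly more than once per device, would document that it has to be safe to repeat.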