vt-d: [CVE-2011-1898] Ensure that "iommu=required" enables interrupt remapping.
authorKeir Fraser <keir@xen.org>
Thu, 12 May 2011 15:42:00 +0000 (16:42 +0100)
committerKeir Fraser <keir@xen.org>
Thu, 12 May 2011 15:42:00 +0000 (16:42 +0100)
Ensure that when Xen boots with "iommu=required" it will also insist
that interrupt remapping is supported and enabled.  It arranges that
booting with that option on vulnerable hardware will fail, rather than
appearing to succeed but actually being vulnerable to guests.

From: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>
xen/drivers/passthrough/vtd/iommu.c

index aa3b34aa0aab5ef4040aeaef5e1a33d90b62c1be..cbeec5ce0bd7a00e15eac68f0d994fa0cfe2e1a8 100644 (file)
@@ -1971,6 +1971,8 @@ static int init_vtd_hw(void)
                     "ioapic_to_iommu: ioapic 0x%x (id: 0x%x) is NULL! "
                     "Will not try to enable Interrupt Remapping.\n",
                     apic, IO_APIC_ID(apic));
+                if ( force_iommu )
+                    panic("intremap remapping failed to enable with iommu=required/force in grub\n");
                 break;
             }
         }
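Review bot: The panic text added in the `ioapic_to_iommu(...) == NULL` branch, "intremap remapping failed to enable with iommu=required/force in grub", doubles the word "remapping" and names one boot loader, and the identical string is reused in the second hunk, so the console output cannot tell the two failure sites apart. This is the only thing an operator sees when the fail-closed boot stops, so it should name the failed check, e.g. `panic("Interrupt remapping required by iommu=required/force, but no IOMMU covers IO-APIC 0x%x\n", apic);`, with a distinct text at the second site. This branch also panics on `force_iommu` alone, while the second hunk additionally requires `platform_supports_intremap()`; a one-line comment explaining why the conditions differ would help the next reader. The body of init_vtd_hw starts and ends outside the hunk.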
@@ -1984,6 +1986,9 @@ static int init_vtd_hw(void)
             {
                 dprintk(XENLOG_WARNING VTDPREFIX,
                         "Interrupt Remapping not enabled\n");
+
+                if ( force_iommu && platform_supports_intremap() )
+                    panic("intremap remapping failed to enable with iommu=required/force in grub\n");
                 break;
             }
         }
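Review bot: The panic here is gated on `force_iommu && platform_supports_intremap()`, so when `platform_supports_intremap()` returns false the code only emits the `dprintk` warning and boot continues with interrupt remapping off, even under iommu=required. The commit description says booting with that option on vulnerable hardware will fail. If "vulnerable" includes platforms without interrupt-remapping support, this guard leaves that case fail-open; that is inferred, since `platform_supports_intremap()` is not visible here. Either reduce the test to `if ( force_iommu )`, or add a comment such as `/* Platforms without intremap support are allowed to boot: <reason> */` so the exception is deliberate and documented. Because `dprintk` may be compiled out of non-debug builds, consider `printk(XENLOG_WARNING VTDPREFIX "Interrupt Remapping not enabled\n");` so the downgrade is always logged; the enclosing loop and function extend beyond the hunk.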