AMD/IOMMU: correct device unity map handling
author Jan Beulich <jbeulich@suse.com>
Wed, 25 Aug 2021 12:15:11 +0000 (14:15 +0200)
committer Jan Beulich <jbeulich@suse.com>
Wed, 25 Aug 2021 12:15:11 +0000 (14:15 +0200)
commit 34750a3eb022462cdd1c36e8ef9049d3d73c824c
tree e711f953a780a4e9f1f62a49c3f42454d2f3ced3
parent b02c5c88982411be11e3413159862f255f1f39dc
AMD/IOMMU: correct device unity map handling

Blindly assuming all addresses between any two such ranges, specified by
firmware in the ACPI tables, should also be unity-mapped can't be right.
Nor can it be correct to merge ranges with differing permissions. Track
ranges individually; don't merge at all, but check for overlaps instead.
This requires bubbling up error indicators, such that IOMMU init can be
failed when allocation of a new tracking struct wasn't possible, or an
overlap was detected.

At this occasion also stop ignoring
amd_iommu_reserve_domain_unity_map()'s return value.

This is part of XSA-378 / CVE-2021-28695.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
xen/drivers/passthrough/amd/iommu.h
xen/drivers/passthrough/amd/iommu_acpi.c
xen/drivers/passthrough/amd/pci_amd_iommu.c
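
An added example, not part of this commit or of Xen's code: one way to track firmware-specified unity-map ranges individually, rejecting overlaps instead of merging them and returning errors so the caller can fail initialization. The struct, the function names, the sample addresses and the choice of -EEXIST for an overlap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-device tracking struct; names are illustrative, not Xen's. */
struct unity_map {
    struct unity_map *next;
    unsigned long addr, length;          /* covers [addr, addr + length) */
    bool read, write;
};

/* Track one firmware-specified range as-is: no merging, overlaps are errors. */
int reserve_unity_map(struct unity_map **head, unsigned long addr,
                      unsigned long length, bool read, bool write)
{
    struct unity_map *m;
    if (!length || addr + length < addr)
        return -EINVAL;                  /* empty or wrapping range */
    for (m = *head; m; m = m->next)
        if (addr < m->addr + m->length && m->addr < addr + length)
            return -EEXIST;              /* overlap: report, never merge */
    if (!(m = malloc(sizeof(*m))))
        return -ENOMEM;                  /* allocation failure is reported too */
    *m = (struct unity_map){ *head, addr, length, read, write };
    *head = m;
    return 0;
}

/* Return the tracked range containing addr, or NULL if it is not unity-mapped. */
const struct unity_map *find_unity_map(const struct unity_map *m,
                                       unsigned long addr)
{
    for (; m; m = m->next)
        if (addr >= m->addr && addr - m->addr < m->length)
            return m;
    return NULL;
}

int main(void)
{
    /* Constructed sample ranges, not taken from any real ACPI table. */
    struct unity_map *dev = NULL;
    int rc = reserve_unity_map(&dev, 0x10000, 0x2000, true, false);
    if (!rc)
        rc = reserve_unity_map(&dev, 0x80000, 0x1000, true, true);
    if (!rc)                             /* overlaps the first range */
        rc = reserve_unity_map(&dev, 0x11000, 0x2000, true, true);
    printf("init %s (%d)\n", rc ? "failed" : "ok", rc);
    return rc ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

With the two non-overlapping ranges tracked separately, an address in the gap between them has no entry, and the read-only range keeps its own permissions instead of inheriting write access from its neighbour.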