Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:Maintenance:114
xen.openSUSE_Evergreen_11.4
CVE-2013-0153-4
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2013-0153-4 of Package xen.openSUSE_Evergreen_11.4
AMD,IOMMU: Make per-device interrupt remapping table default Using global interrupt remapping table may be insecure, as described by XSA-36. This patch makes per-device mode default. This is XSA-36 / CVE-2013-0153. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com> Moved warning in amd_iov_detect() to location covering all cases. Signed-off-by: Jan Beulich <jbeulich@suse.com> xen-unstable changeset: 26519:1af531e7bc2f xen-unstable date: Tue Feb 5 14:22:11 UTC 2013 --- a/xen/arch/x86/irq.c +++ b/xen/arch/x86/irq.c @@ -1614,9 +1614,6 @@ d->arch.pirq_irq[pirq] = irq; d->arch.irq_pirq[irq] = pirq; spin_unlock_irqrestore(&desc->lock, flags); - - if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) - printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); } done: --- a/xen/drivers/passthrough/amd/pci_amd_iommu.c +++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -203,6 +203,8 @@ { printk("AMD-Vi: Not overriding irq_vector_map setting\n"); } + if ( !amd_iommu_perdev_intremap ) + printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); return 0; } --- a/xen/drivers/passthrough/iommu.c +++ b/xen/drivers/passthrough/iommu.c @@ -48,7 +48,7 @@ bool_t __read_mostly iommu_qinval = 1; bool_t __read_mostly iommu_intremap = 1; bool_t __read_mostly amd_iommu_debug; -bool_t __read_mostly amd_iommu_perdev_intremap; +bool_t __read_mostly amd_iommu_perdev_intremap = 1; static void __init parse_iommu_param(char *s) { @@ -78,6 +78,8 @@ amd_iommu_debug = 1; else if ( !strcmp(s, "amd-iommu-perdev-intremap") ) amd_iommu_perdev_intremap = 1; + else if ( !strcmp(s, "amd-iommu-global-intremap") ) + amd_iommu_perdev_intremap = 0; else if ( !strcmp(s, "dom0-passthrough") ) iommu_passthrough = 1; else if ( !strcmp(s, "dom0-strict") )
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor