File xsa304-1.patch of Package xen.13143
x86/vtd: Hide superpage support for SandyBridge IOMMUs Something causes SandyBridge IOMMUs to choke when sharing EPT pagetables, and an EPT superpage gets shattered. The root cause is still under investigation, but the end result is unusable in combination with CVE-2018-12207 protections. This is part of XSA-304 / CVE-2018-12207 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> --- a/xen/drivers/passthrough/vtd/extern.h +++ b/xen/drivers/passthrough/vtd/extern.h @@ -96,6 +96,8 @@ void vtd_ops_postamble_quirk(struct iomm int __must_check me_wifi_quirk(struct domain *domain, u8 bus, u8 devfn, int map); void pci_vtd_quirk(const struct pci_dev *); +void quirk_iommu_caps(struct iommu *iommu); + bool_t platform_supports_intremap(void); bool_t platform_supports_x2apic(void); --- a/xen/drivers/passthrough/vtd/iommu.c +++ b/xen/drivers/passthrough/vtd/iommu.c @@ -1205,6 +1205,8 @@ int __init iommu_alloc(struct acpi_drhd_ if ( !(iommu->cap + 1) || !(iommu->ecap + 1) ) return -ENODEV; + quirk_iommu_caps(iommu); + if ( cap_fault_reg_offset(iommu->cap) + cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE || ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE ) --- a/xen/drivers/passthrough/vtd/quirks.c +++ b/xen/drivers/passthrough/vtd/quirks.c 
@@ -540,3 +540,30 @@ void pci_vtd_quirk(const struct pci_dev break; } } + +void __init quirk_iommu_caps(struct iommu *iommu) +{ + /* + * IOMMU Quirks: + * + * SandyBridge IOMMUs claim support for 2M and 1G superpages, but don't + * implement superpages internally. + * + * There are issues changing the walk length under in-flight DMA, which + * makes EPT/IOMMU sharing incompatible with the workaround for + * CVE-2018-12207 / XSA-304. Furthermore, performance numbers suggest + * using 4k mappings is faster than 2M mappings anyway. + * + * Hide the superpages capabilities in the IOMMU. This will prevent Xen + * from sharing the EPT and IOMMU pagetables. + * + * Detection of SandyBridge unfortunately has to be done by processor + * model because the client parts don't expose their IOMMUs as PCI devices + * we could match with a Device ID. + */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 == 6 && + (boot_cpu_data.x86_model == 0x2a || + boot_cpu_data.x86_model == 0x2d) ) + iommu->cap &= ~(0xful << 34); +}
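Review bot: In the xen/drivers/passthrough/vtd/iommu.c hunk, the new quirk_iommu_caps(iommu) call rewrites iommu->cap in place, but nothing at the call site says so. The placement looks deliberate: it comes after the all-ones check on cap/ecap and before the cap_fault_reg_offset() validation, so every later reader of iommu->cap sees the quirked value and the value the hardware reported is gone. A one-line comment at the call stating that the capability register copy is adjusted here, and that it must stay after the -ENODEV check, would keep a later reordering from silently breaking the quirk.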
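Review bot: In the xen/drivers/passthrough/vtd/quirks.c hunk, the mask in iommu->cap &= ~(0xful << 34) is a bare constant, and it clears four bits starting at bit 34 while the comment above it names only two superpage sizes (2M and 1G). Please give the field a named macro next to the other cap_* accessors and say in the comment why all four bits are cleared rather than just the two that are mentioned. The model checks 0x2a and 0x2d would also benefit from a trailing comment on each saying which SandyBridge part it matches, since the block comment explains that model matching is the only detection path. Finally, the quirk applies silently; a single boot-time message when the capability is hidden would let an administrator confirm from the log that EPT/IOMMU pagetable sharing was turned off on this host and why.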