Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Zhang, Yang Z]

> Add two more PCI IDs to the set that has been taken care of with a different
> workaround long before XSA-59, and (for constency with the newer
> workarounds) log a message here too.
> 
> Also move the function wide comment to the cases it applies to; this should
> really have been done by d061d200 ("VT-d: suppress UR signaling for server
> chipsets").
> 
> This is CVE-2013-3495 / XSA-59.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Acked-by: Yang Zhang <yang.z.zhang@intel.com>

> 
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
>      }
>  }
> 
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - *   - Some platform escalates VT-d faults to platform errors
> - *   - This can cause system failure upon non-fatal VT-d faults
> - *   - Potential security issue if malicious guest trigger VT-d faults
> - */
>  void pci_vtd_quirk(const struct pci_dev *pdev)  {
>      int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
> 
>      switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
>      {
> +    /*
> +     * Mask reporting Intel VT-d faults to IOH core logic:
> +     *   - Some platform escalates VT-d faults to platform errors.
> +     *   - This can cause system failure upon non-fatal VT-d faults.
> +     *   - Potential security issue if malicious guest trigger VT-d faults.
> +     */
> +    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
>      case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> +    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
>      case 0x3c28: /* Sandybridge */
>          val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
>          pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> +        printk(XENLOG_INFO "Masked VT-d error signaling on
> %04x:%02x:%02x.%u\n",
> +               seg, bus, dev, func);
>          break;
> 
>      /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */

Best regards
Yang

Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Zhang, Xiantao]

Thanks, Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
Xiantao.

> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Monday, April 28, 2014 4:02 PM
> To: xen-devel
> Cc: Dugger, Donald D; Zhang, Xiantao
> Subject: [PATCH 2/2] VT-d: extend error report masking workaround to newer
> chipsets
> 
> Add two more PCI IDs to the set that has been taken care of with a different
> workaround long before XSA-59, and (for constency with the newer
> workarounds) log a message here too.
> 
> Also move the function wide comment to the cases it applies to; this should
> really have been done by d061d200 ("VT-d: suppress UR signaling for server
> chipsets").
> 
> This is CVE-2013-3495 / XSA-59.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
>      }
>  }
> 
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - *   - Some platform escalates VT-d faults to platform errors
> - *   - This can cause system failure upon non-fatal VT-d faults
> - *   - Potential security issue if malicious guest trigger VT-d faults
> - */
>  void pci_vtd_quirk(const struct pci_dev *pdev)  {
>      int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
> 
>      switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
>      {
> +    /*
> +     * Mask reporting Intel VT-d faults to IOH core logic:
> +     *   - Some platform escalates VT-d faults to platform errors.
> +     *   - This can cause system failure upon non-fatal VT-d faults.
> +     *   - Potential security issue if malicious guest trigger VT-d faults.
> +     */
> +    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
>      case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> +    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
>      case 0x3c28: /* Sandybridge */
>          val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
>          pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> +        printk(XENLOG_INFO "Masked VT-d error signaling
> on %04x:%02x:%02x.%u\n",
> +               seg, bus, dev, func);
>          break;
> 
>      /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
> 
> 

Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Andrew Cooper]

On 28/04/14 10:56, Jan Beulich wrote:
>>>> On 28.04.14 at 11:34, <andrew.cooper3@citrix.com> wrote:
>> On 28/04/14 09:01, Jan Beulich wrote:
>>> Add two more PCI IDs to the set that has been taken care of with a
>>> different workaround long before XSA-59, and (for constency with the
>>> newer workarounds) log a message here too.
>>>
>>> Also move the function wide comment to the cases it applies to; this
>>> should really have been done by d061d200 ("VT-d: suppress UR signaling
>>> for server chipsets").
>>>
>>> This is CVE-2013-3495 / XSA-59.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> As before, this would probably be better being a conditional message.
> In any event I want this to be consistent, i.e. I'd want to keep this
> patch as is and put a third one playing with the verbosity on top.
>
> Jan
>

Agreed.  In which case contentwise Reviewed-by: Andrew Cooper
<andrew.cooper3@citrix.com>

Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Jan Beulich]

>>> On 28.04.14 at 11:34, <andrew.cooper3@citrix.com> wrote:
> On 28/04/14 09:01, Jan Beulich wrote:
>> Add two more PCI IDs to the set that has been taken care of with a
>> different workaround long before XSA-59, and (for constency with the
>> newer workarounds) log a message here too.
>>
>> Also move the function wide comment to the cases it applies to; this
>> should really have been done by d061d200 ("VT-d: suppress UR signaling
>> for server chipsets").
>>
>> This is CVE-2013-3495 / XSA-59.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> As before, this would probably be better being a conditional message.

In any event I want this to be consistent, i.e. I'd want to keep this
patch as is and put a third one playing with the verbosity on top.

Jan

Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Andrew Cooper]

[-- Attachment #1.1: Type: text/plain, Size: 2268 bytes --]

On 28/04/14 09:01, Jan Beulich wrote:
> Add two more PCI IDs to the set that has been taken care of with a
> different workaround long before XSA-59, and (for constency with the
> newer workarounds) log a message here too.
>
> Also move the function wide comment to the cases it applies to; this
> should really have been done by d061d200 ("VT-d: suppress UR signaling
> for server chipsets").
>
> This is CVE-2013-3495 / XSA-59.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

As before, this would probably be better being a conditional message.

~Andrew

>
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
>      }
>  }
>  
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - *   - Some platform escalates VT-d faults to platform errors 
> - *   - This can cause system failure upon non-fatal VT-d faults
> - *   - Potential security issue if malicious guest trigger VT-d faults
> - */
>  void pci_vtd_quirk(const struct pci_dev *pdev)
>  {
>      int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev 
>  
>      switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
>      {
> +    /*
> +     * Mask reporting Intel VT-d faults to IOH core logic:
> +     *   - Some platform escalates VT-d faults to platform errors.
> +     *   - This can cause system failure upon non-fatal VT-d faults.
> +     *   - Potential security issue if malicious guest trigger VT-d faults.
> +     */
> +    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
>      case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> +    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
>      case 0x3c28: /* Sandybridge */
>          val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
>          pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> +        printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
> +               seg, bus, dev, func);
>          break;
>  
>      /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
>
>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel


[-- Attachment #1.2: Type: text/html, Size: 3044 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

[PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets

[Jan Beulich]

[-- Attachment #1: Type: text/plain, Size: 1966 bytes --]

Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for constency with the
newer workarounds) log a message here too.

Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").

This is CVE-2013-3495 / XSA-59.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
     }
 }
 
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- *   - Some platform escalates VT-d faults to platform errors 
- *   - This can cause system failure upon non-fatal VT-d faults
- *   - Potential security issue if malicious guest trigger VT-d faults
- */
 void pci_vtd_quirk(const struct pci_dev *pdev)
 {
     int seg = pdev->seg;
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev 
 
     switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
     {
+    /*
+     * Mask reporting Intel VT-d faults to IOH core logic:
+     *   - Some platform escalates VT-d faults to platform errors.
+     *   - This can cause system failure upon non-fatal VT-d faults.
+     *   - Potential security issue if malicious guest trigger VT-d faults.
+     */
+    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
     case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
     case 0x3c28: /* Sandybridge */
         val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
         pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+        printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+               seg, bus, dev, func);
         break;
 
     /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */




[-- Attachment #2: VT-d-mask-error-reporting.patch --]
[-- Type: text/plain, Size: 2026 bytes --]

VT-d: extend error report masking workaround to newer chipsets

Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for constency with the
newer workarounds) log a message here too.

Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").

This is CVE-2013-3495 / XSA-59.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
     }
 }
 
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- *   - Some platform escalates VT-d faults to platform errors 
- *   - This can cause system failure upon non-fatal VT-d faults
- *   - Potential security issue if malicious guest trigger VT-d faults
- */
 void pci_vtd_quirk(const struct pci_dev *pdev)
 {
     int seg = pdev->seg;
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev 
 
     switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
     {
+    /*
+     * Mask reporting Intel VT-d faults to IOH core logic:
+     *   - Some platform escalates VT-d faults to platform errors.
+     *   - This can cause system failure upon non-fatal VT-d faults.
+     *   - Potential security issue if malicious guest trigger VT-d faults.
+     */
+    case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
     case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+    case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
     case 0x3c28: /* Sandybridge */
         val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
         pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+        printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+               seg, bus, dev, func);
         break;
 
     /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */

[-- Attachment #3: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel