* Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
[not found] <A9667DDFB95DB7438FA9D7D576C3D87E0AACE649@SHSMSX104.ccr.corp.intel.com>
@ 2014-05-20 13:39 ` Zhang, Yang Z
0 siblings, 0 replies; 6+ messages in thread
From: Zhang, Yang Z @ 2014-05-20 13:39 UTC (permalink / raw)
To: 'Jan Beulich (JBeulich@suse.com)', xen-devel
> Add two more PCI IDs to the set that has been taken care of with a different
> workaround long before XSA-59, and (for constency with the newer
> workarounds) log a message here too.
>
> Also move the function wide comment to the cases it applies to; this should
> really have been done by d061d200 ("VT-d: suppress UR signaling for server
> chipsets").
>
> This is CVE-2013-3495 / XSA-59.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Yang Zhang <yang.z.zhang@intel.com>
>
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
> }
> }
>
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - * - Some platform escalates VT-d faults to platform errors
> - * - This can cause system failure upon non-fatal VT-d faults
> - * - Potential security issue if malicious guest trigger VT-d faults
> - */
> void pci_vtd_quirk(const struct pci_dev *pdev) {
> int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
>
> switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
> {
> + /*
> + * Mask reporting Intel VT-d faults to IOH core logic:
> + * - Some platform escalates VT-d faults to platform errors.
> + * - This can cause system failure upon non-fatal VT-d faults.
> + * - Potential security issue if malicious guest trigger VT-d faults.
> + */
> + case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
> case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> + case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
> case 0x3c28: /* Sandybridge */
> val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
> pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> + printk(XENLOG_INFO "Masked VT-d error signaling on
> %04x:%02x:%02x.%u\n",
> + seg, bus, dev, func);
> break;
>
> /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
Best regards
Yang
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
2014-04-28 8:01 ` [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets Jan Beulich
2014-04-28 9:34 ` Andrew Cooper
@ 2014-05-20 0:47 ` Zhang, Xiantao
1 sibling, 0 replies; 6+ messages in thread
From: Zhang, Xiantao @ 2014-05-20 0:47 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: Dugger, Donald D
Thanks, Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
Xiantao.
> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Monday, April 28, 2014 4:02 PM
> To: xen-devel
> Cc: Dugger, Donald D; Zhang, Xiantao
> Subject: [PATCH 2/2] VT-d: extend error report masking workaround to newer
> chipsets
>
> Add two more PCI IDs to the set that has been taken care of with a different
> workaround long before XSA-59, and (for constency with the newer
> workarounds) log a message here too.
>
> Also move the function wide comment to the cases it applies to; this should
> really have been done by d061d200 ("VT-d: suppress UR signaling for server
> chipsets").
>
> This is CVE-2013-3495 / XSA-59.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
> }
> }
>
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - * - Some platform escalates VT-d faults to platform errors
> - * - This can cause system failure upon non-fatal VT-d faults
> - * - Potential security issue if malicious guest trigger VT-d faults
> - */
> void pci_vtd_quirk(const struct pci_dev *pdev) {
> int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
>
> switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
> {
> + /*
> + * Mask reporting Intel VT-d faults to IOH core logic:
> + * - Some platform escalates VT-d faults to platform errors.
> + * - This can cause system failure upon non-fatal VT-d faults.
> + * - Potential security issue if malicious guest trigger VT-d faults.
> + */
> + case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
> case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> + case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
> case 0x3c28: /* Sandybridge */
> val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
> pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> + printk(XENLOG_INFO "Masked VT-d error signaling
> on %04x:%02x:%02x.%u\n",
> + seg, bus, dev, func);
> break;
>
> /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
2014-04-28 9:56 ` Jan Beulich
@ 2014-04-28 9:57 ` Andrew Cooper
0 siblings, 0 replies; 6+ messages in thread
From: Andrew Cooper @ 2014-04-28 9:57 UTC (permalink / raw)
To: Jan Beulich; +Cc: xen-devel, xiantao.zhang, Donald D Dugger
On 28/04/14 10:56, Jan Beulich wrote:
>>>> On 28.04.14 at 11:34, <andrew.cooper3@citrix.com> wrote:
>> On 28/04/14 09:01, Jan Beulich wrote:
>>> Add two more PCI IDs to the set that has been taken care of with a
>>> different workaround long before XSA-59, and (for constency with the
>>> newer workarounds) log a message here too.
>>>
>>> Also move the function wide comment to the cases it applies to; this
>>> should really have been done by d061d200 ("VT-d: suppress UR signaling
>>> for server chipsets").
>>>
>>> This is CVE-2013-3495 / XSA-59.
>>>
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> As before, this would probably be better being a conditional message.
> In any event I want this to be consistent, i.e. I'd want to keep this
> patch as is and put a third one playing with the verbosity on top.
>
> Jan
>
Agreed. In which case contentwise Reviewed-by: Andrew Cooper
<andrew.cooper3@citrix.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
2014-04-28 9:34 ` Andrew Cooper
@ 2014-04-28 9:56 ` Jan Beulich
2014-04-28 9:57 ` Andrew Cooper
0 siblings, 1 reply; 6+ messages in thread
From: Jan Beulich @ 2014-04-28 9:56 UTC (permalink / raw)
To: Andrew Cooper; +Cc: xen-devel, xiantao.zhang, Donald D Dugger
>>> On 28.04.14 at 11:34, <andrew.cooper3@citrix.com> wrote:
> On 28/04/14 09:01, Jan Beulich wrote:
>> Add two more PCI IDs to the set that has been taken care of with a
>> different workaround long before XSA-59, and (for constency with the
>> newer workarounds) log a message here too.
>>
>> Also move the function wide comment to the cases it applies to; this
>> should really have been done by d061d200 ("VT-d: suppress UR signaling
>> for server chipsets").
>>
>> This is CVE-2013-3495 / XSA-59.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> As before, this would probably be better being a conditional message.
In any event I want this to be consistent, i.e. I'd want to keep this
patch as is and put a third one playing with the verbosity on top.
Jan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
2014-04-28 8:01 ` [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets Jan Beulich
@ 2014-04-28 9:34 ` Andrew Cooper
2014-04-28 9:56 ` Jan Beulich
2014-05-20 0:47 ` Zhang, Xiantao
1 sibling, 1 reply; 6+ messages in thread
From: Andrew Cooper @ 2014-04-28 9:34 UTC (permalink / raw)
To: Jan Beulich; +Cc: xen-devel, Donald D Dugger, xiantao.zhang
[-- Attachment #1.1: Type: text/plain, Size: 2268 bytes --]
On 28/04/14 09:01, Jan Beulich wrote:
> Add two more PCI IDs to the set that has been taken care of with a
> different workaround long before XSA-59, and (for constency with the
> newer workarounds) log a message here too.
>
> Also move the function wide comment to the cases it applies to; this
> should really have been done by d061d200 ("VT-d: suppress UR signaling
> for server chipsets").
>
> This is CVE-2013-3495 / XSA-59.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
As before, this would probably be better being a conditional message.
~Andrew
>
> --- a/xen/drivers/passthrough/vtd/quirks.c
> +++ b/xen/drivers/passthrough/vtd/quirks.c
> @@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
> }
> }
>
> -/*
> - * Mask reporting Intel VT-d faults to IOH core logic:
> - * - Some platform escalates VT-d faults to platform errors
> - * - This can cause system failure upon non-fatal VT-d faults
> - * - Potential security issue if malicious guest trigger VT-d faults
> - */
> void pci_vtd_quirk(const struct pci_dev *pdev)
> {
> int seg = pdev->seg;
> @@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
>
> switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
> {
> + /*
> + * Mask reporting Intel VT-d faults to IOH core logic:
> + * - Some platform escalates VT-d faults to platform errors.
> + * - This can cause system failure upon non-fatal VT-d faults.
> + * - Potential security issue if malicious guest trigger VT-d faults.
> + */
> + case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
> case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
> + case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
> case 0x3c28: /* Sandybridge */
> val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
> pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
> + printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
> + seg, bus, dev, func);
> break;
>
> /* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
>
>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
[-- Attachment #1.2: Type: text/html, Size: 3044 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets
2014-04-28 7:54 [PATCH 0/2] VT-d: further XSA-59 workaround adjustments Jan Beulich
@ 2014-04-28 8:01 ` Jan Beulich
2014-04-28 9:34 ` Andrew Cooper
2014-05-20 0:47 ` Zhang, Xiantao
0 siblings, 2 replies; 6+ messages in thread
From: Jan Beulich @ 2014-04-28 8:01 UTC (permalink / raw)
To: xen-devel; +Cc: xiantao.zhang, Donald D Dugger
[-- Attachment #1: Type: text/plain, Size: 1966 bytes --]
Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for constency with the
newer workarounds) log a message here too.
Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").
This is CVE-2013-3495 / XSA-59.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
}
}
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- * - Some platform escalates VT-d faults to platform errors
- * - This can cause system failure upon non-fatal VT-d faults
- * - Potential security issue if malicious guest trigger VT-d faults
- */
void pci_vtd_quirk(const struct pci_dev *pdev)
{
int seg = pdev->seg;
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
{
+ /*
+ * Mask reporting Intel VT-d faults to IOH core logic:
+ * - Some platform escalates VT-d faults to platform errors.
+ * - This can cause system failure upon non-fatal VT-d faults.
+ * - Potential security issue if malicious guest trigger VT-d faults.
+ */
+ case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+ case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
case 0x3c28: /* Sandybridge */
val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+ printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+ seg, bus, dev, func);
break;
/* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
[-- Attachment #2: VT-d-mask-error-reporting.patch --]
[-- Type: text/plain, Size: 2026 bytes --]
VT-d: extend error report masking workaround to newer chipsets
Add two more PCI IDs to the set that has been taken care of with a
different workaround long before XSA-59, and (for constency with the
newer workarounds) log a message here too.
Also move the function wide comment to the cases it applies to; this
should really have been done by d061d200 ("VT-d: suppress UR signaling
for server chipsets").
This is CVE-2013-3495 / XSA-59.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/drivers/passthrough/vtd/quirks.c
+++ b/xen/drivers/passthrough/vtd/quirks.c
@@ -379,12 +379,6 @@ void me_wifi_quirk(struct domain *domain
}
}
-/*
- * Mask reporting Intel VT-d faults to IOH core logic:
- * - Some platform escalates VT-d faults to platform errors
- * - This can cause system failure upon non-fatal VT-d faults
- * - Potential security issue if malicious guest trigger VT-d faults
- */
void pci_vtd_quirk(const struct pci_dev *pdev)
{
int seg = pdev->seg;
@@ -402,10 +396,20 @@ void pci_vtd_quirk(const struct pci_dev
switch ( pci_conf_read16(seg, bus, dev, func, PCI_DEVICE_ID) )
{
+ /*
+ * Mask reporting Intel VT-d faults to IOH core logic:
+ * - Some platform escalates VT-d faults to platform errors.
+ * - This can cause system failure upon non-fatal VT-d faults.
+ * - Potential security issue if malicious guest trigger VT-d faults.
+ */
+ case 0x0e28: /* Xeon-E5v2 (IvyBridge) */
case 0x342e: /* Tylersburg chipset (Nehalem / Westmere systems) */
+ case 0x3728: /* Xeon C5500/C3500 (JasperForest) */
case 0x3c28: /* Sandybridge */
val = pci_conf_read32(seg, bus, dev, func, 0x1AC);
pci_conf_write32(seg, bus, dev, func, 0x1AC, val | (1 << 31));
+ printk(XENLOG_INFO "Masked VT-d error signaling on %04x:%02x:%02x.%u\n",
+ seg, bus, dev, func);
break;
/* Tylersburg (EP)/Boxboro (MP) chipsets (NHM-EP/EX, WSM-EP/EX) */
[-- Attachment #3: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-05-20 13:40 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <A9667DDFB95DB7438FA9D7D576C3D87E0AACE649@SHSMSX104.ccr.corp.intel.com>
2014-05-20 13:39 ` [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets Zhang, Yang Z
2014-04-28 7:54 [PATCH 0/2] VT-d: further XSA-59 workaround adjustments Jan Beulich
2014-04-28 8:01 ` [PATCH 2/2] VT-d: extend error report masking workaround to newer chipsets Jan Beulich
2014-04-28 9:34 ` Andrew Cooper
2014-04-28 9:56 ` Jan Beulich
2014-04-28 9:57 ` Andrew Cooper
2014-05-20 0:47 ` Zhang, Xiantao
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.