diff options
Diffstat (limited to 'system/xen/xsa/xsa304-4.12-1.patch')
| -rw-r--r-- | system/xen/xsa/xsa304-4.12-1.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/system/xen/xsa/xsa304-4.12-1.patch b/system/xen/xsa/xsa304-4.12-1.patch new file mode 100644 index 0000000000000..c2ed2c2ced89f --- /dev/null +++ b/system/xen/xsa/xsa304-4.12-1.patch @@ -0,0 +1,71 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/vtd: Hide superpage support for SandyBridge IOMMUs + +Something causes SandyBridge IOMMUs to choke when sharing EPT pagetables, and +an EPT superpage gets shattered. The root cause is still under investigation, +but the end result is unusable in combination with CVE-2018-12207 protections. + +This is part of XSA-304 / CVE-2018-12207 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/xen/drivers/passthrough/vtd/extern.h b/xen/drivers/passthrough/vtd/extern.h +index 16eada9fa2..a71c8b0f84 100644 +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -97,6 +97,8 @@ void vtd_ops_postamble_quirk(struct iommu* iommu); + int __must_check me_wifi_quirk(struct domain *domain, + u8 bus, u8 devfn, int map); + void pci_vtd_quirk(const struct pci_dev *); ++void quirk_iommu_caps(struct iommu *iommu); ++ + bool_t platform_supports_intremap(void); + bool_t platform_supports_x2apic(void); + +diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c +index b3664ecbe0..5d34f75306 100644 +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -1215,6 +1215,8 @@ int __init iommu_alloc(struct acpi_drhd_unit *drhd) + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) ) + return -ENODEV; + ++ quirk_iommu_caps(iommu); ++ + if ( cap_fault_reg_offset(iommu->cap) + + cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE || + ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE ) +diff --git a/xen/drivers/passthrough/vtd/quirks.c b/xen/drivers/passthrough/vtd/quirks.c +index d6db862678..b02688e316 100644 +--- a/xen/drivers/passthrough/vtd/quirks.c ++++ b/xen/drivers/passthrough/vtd/quirks.c +@@ -540,3 +540,28 @@ void pci_vtd_quirk(const struct pci_dev *pdev) + break; + } + } ++ ++void __init quirk_iommu_caps(struct iommu *iommu) ++{ ++ /* ++ * IOMMU Quirks: ++ * ++ * SandyBridge IOMMUs claim support for 2M and 1G superpages, but don't ++ * implement superpages internally. ++ * ++ * There are issues changing the walk length under in-flight DMA, which ++ * has manifested as incompatibility between EPT/IOMMU sharing and the ++ * workaround for CVE-2018-12207 / XSA-304. Hide the superpages ++ * capabilities in the IOMMU, which will prevent Xen from sharing the EPT ++ * and IOMMU pagetables. ++ * ++ * Detection of SandyBridge unfortunately has to be done by processor ++ * model because the client parts don't expose their IOMMUs as PCI devices ++ * we could match with a Device ID. ++ */ ++ if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && ++ boot_cpu_data.x86 == 6 && ++ (boot_cpu_data.x86_model == 0x2a || ++ boot_cpu_data.x86_model == 0x2d) ) ++ iommu->cap &= ~(0xful << 34); ++} |