ia64/xen-unstable
changeset 18272:dafe50692c77
vtd: Add 'force_iommu' option
For security reasons, add 'force_iommu' option to ensure that it
should not be possible under any conditions to boot Xen w/o VT-d being
enabled. This would only be specified by users that really want the
added security.
Signed-off-by: Weidong Han <weidong.han@intel.com>
For security reasons, add 'force_iommu' option to ensure that it
should not be possible under any conditions to boot Xen w/o VT-d being
enabled. This would only be specified by users that really want the
added security.
Signed-off-by: Weidong Han <weidong.han@intel.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Wed Aug 06 09:37:53 2008 +0100 (2008-08-06) |
parents | 172fa773c5ef |
children | 75cbde73d6ea |
files | xen/drivers/passthrough/iommu.c xen/drivers/passthrough/vtd/dmar.c xen/include/xen/iommu.h |
line diff
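--- a/xen/drivers/passthrough/iommu.c
+++ b/xen/drivers/passthrough/iommu.c
@@ -30,6 +30,9 @@ boolean_param("iommu", iommu_enabled);
 int iommu_pv_enabled = 0;
 boolean_param("iommu_pv", iommu_pv_enabled);
 
+int force_iommu = 0;
+boolean_param("force_iommu", force_iommu);
+
 int iommu_domain_init(struct domain *domain)
 {
 struct hvm_iommu *hd = domain_hvm_iommu(domain);
@@ -215,6 +218,9 @@ static int iommu_setup(void)
 iommu_enabled = (rc == 0);
 
 out:
+ if ( force_iommu && !iommu_enabled )
+ panic("IOMMU setup failed, crash Xen for security purpose!\n");
+
 if ( !iommu_enabled )
 iommu_pv_enabled = 0;
 printk("I/O virtualisation %sabled\n", iommu_enabled ? "en" : "dis");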
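Review bot: The new `force_iommu` global in the first hunk has no comment, so nothing at the declaration tells a maintainer what the option guarantees; a line such as `/* force_iommu: panic during boot rather than continue without a working IOMMU. */` above `int force_iommu = 0;` would record it. In the second hunk the panic at `out:` in iommu_setup says only "IOMMU setup failed"; including `rc` in the message would show which step failed, assuming `rc` is still in scope there as the context line `iommu_enabled = (rc == 0);` suggests. iommu_setup begins outside the hunk, so it cannot be confirmed from here whether every early exit, for example one taken when `iommu=0` was given, also passes through `out:` and therefore through this check.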
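--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -427,6 +427,9 @@ static int __init acpi_parse_dmar(struct
 if ( !dmar->width )
 {
 dprintk(XENLOG_WARNING VTDPREFIX, "Zero: Invalid DMAR width\n");
+ if ( force_iommu )
+ panic("acpi_parse_dmar: Invalid DMAR width,"
+ " crash Xen for security purpose!\n");
 return -EINVAL;
 }
 
@@ -468,8 +471,15 @@ static int __init acpi_parse_dmar(struct
 
 if ( ret )
 {
- printk(XENLOG_WARNING "Failed to parse ACPI DMAR. Disabling VT-d.\n");
- disable_all_dmar_units();
+ if ( force_iommu )
+ panic("acpi_parse_dmar: Failed to parse ACPI DMAR,"
+ " crash Xen for security purpose!\n");
+ else
+ {
+ printk(XENLOG_WARNING
+ "Failed to parse ACPI DMAR. Disabling VT-d.\n");
+ disable_all_dmar_units();
+ }
 }
 
 return ret;
@@ -480,10 +490,15 @@ int acpi_dmar_init(void)
 int rc;
 
 rc = -ENODEV;
+ if ( force_iommu )
+ iommu_enabled = 1;
+
 if ( !iommu_enabled )
 goto fail;
 
- acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+ rc = acpi_table_parse(ACPI_SIG_DMAR, acpi_parse_dmar);
+ if ( rc )
+ goto fail;
 
 rc = -ENODEV;
 if ( list_empty(&acpi_drhd_units) )
@@ -494,6 +509,10 @@ int acpi_dmar_init(void)
 return 0;
 
 fail:
+ if ( force_iommu )
+ panic("acpi_dmar_init: acpi_dmar_init failed,"
+ " crash Xen for security purpose!\n");
+
 vtd_enabled = 0;
 return -ENODEV;
 }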
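Review bot: In acpi_dmar_init, `if ( force_iommu ) iommu_enabled = 1;` overrides an explicit `iommu=0` without logging anything, and it does so only in this VT-d path, so the effective setting can differ from the command line and from what generic code in iommu.c saw before this function ran. Emitting `printk(XENLOG_WARNING "force_iommu set: overriding iommu=0\n");` when `iommu_enabled` was 0 at that point would make the override visible in the boot log. At `fail:` the value captured by the new `rc = acpi_table_parse(...)` is discarded, and the panic text "acpi_dmar_init: acpi_dmar_init failed" does not say whether the DMAR table was missing or yielded no DRHD units; printing `rc` there would. acpi_parse_dmar extends beyond these hunks, so any other early return in it should be checked to confirm it still ends in one of the panic sites when `force_iommu` is set.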
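--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -30,6 +30,7 @@
 extern int vtd_enabled;
 extern int iommu_enabled;
 extern int iommu_pv_enabled;
+extern int force_iommu;
 
 #define domain_hvm_iommu(d) (&d->arch.hvm_domain.hvm_iommu)
 #define domain_vmx_iommu(d) (&d->arch.hvm_domain.hvm_iommu.vmx_iommu)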