After some more thought on the XSA-36 and specifically the comments we
got regarding disabling the IOMMU in this situation altogether making
things worse instead of better, I came to the conclusion that we can
actually restrict the action in affected cases to just disabling
interrupt remapping. That doesn't make the situation worse than prior
to the XSA-36 fixes (where interrupt remapping didn't really protect
domains from one another), but allows at least DMA isolation to still
be utilized.
To do so, disabling of interrupt remapping must be explicitly requested
on the command line - respective checks will then be skipped.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Suravee Suthikulanit <suravee.suthikulpanit@amd.com>
switch ( special->variety )
{
case ACPI_IVHD_IOAPIC:
+ if ( !iommu_intremap )
+ break;
/*
* Some BIOSes have IOAPIC broken entries so we check for IVRS
* consistency here --- whether entry's IOAPIC ID is valid and
}
/* Each IO-APIC must have been mentioned in the table. */
- for ( apic = 0; !error && apic < nr_ioapics; ++apic )
+ for ( apic = 0; !error && iommu_intremap && apic < nr_ioapics; ++apic )
{
if ( !nr_ioapic_entries[apic] ||
ioapic_sbdf[IO_APIC_ID(apic)].pin_setup )
BUG_ON( !iommu_found() );
- if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() )
+ if ( iommu_intremap && amd_iommu_perdev_intremap &&
+ amd_sp5100_erratum28() )
goto error_out;
ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries();
goto error_out;
/* initialize io-apic interrupt remapping entries */
- if ( amd_iommu_setup_ioapic_remapping() != 0 )
+ if ( iommu_intremap && amd_iommu_setup_ioapic_remapping() != 0 )
goto error_out;
/* allocate and initialize a global device table shared by all iommus */
projects / xen.git / commitdiff