The variable untrusted_msi indicates whether the system is vulnerable to
CVE-2011-1898 due to the absence of interrupt remapping support.
Although AMD iommus with interrupt remapping disabled are also affected,
this case is not handled yet. Given that the issue is not VT-d specific,
and to accommodate future use of the flag for covering also the AMD iommu
case, move the definition of the flag out of the VT-d specific code to the
common x86 iommu code.
Also, since the current implementation assumes that only PV guests are prone
to this attack, take the opportunity to define untrusted_msi only when PV is
enabled.
No functional change intended.
Signed-off-by: Xenia Ragiadakou <burzalodowa@gmail.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
? dom_iommu(d)->arch.vtd.pgd_maddr \
: (pdev)->arch.vtd.pgd_maddr)
-/* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
-bool __read_mostly untrusted_msi;
-
bool __read_mostly iommu_igfx = true;
bool __read_mostly iommu_qinval = true;
#ifndef iommu_snoop
if ( !has_arch_pdevs(target) )
vmx_pi_hooks_assign(target);
+#ifdef CONFIG_PV
/*
* Devices assigned to untrusted domains (here assumed to be any domU)
* can attempt to send arbitrary LAPIC/MSI messages. We are unprotected
if ( !iommu_intremap && !is_hardware_domain(target) &&
!is_system_domain(target) )
untrusted_msi = true;
+#endif
ret = domain_context_mapping(target, devfn, pdev);
enum iommu_intremap __read_mostly iommu_intremap = iommu_intremap_full;
+#ifdef CONFIG_PV
+/* Possible unfiltered LAPIC/MSI messages from untrusted sources? */
+bool __read_mostly untrusted_msi;
+#endif
+
#ifndef iommu_intpost
/*
* In the current implementation of VT-d posted interrupts, in some extreme
projects / xen.git / commitdiff