| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Aug 2011 09:00:21 +0200 From: Ingo Molnar <mingo@...e.hu> To: Suresh Siddha <suresh.b.siddha@...el.com> Cc: David Woodhouse <dwmw2@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, "H. Peter Anvin" <hpa@...or.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Song, Youquan" <youquan.song@...el.com>, "Mallick, Asit K" <asit.k.mallick@...el.com>, Prarit Bhargava <prarit@...hat.com>, "trenn@...e.de" <trenn@...e.de> Subject: Re: [patch] x86, x2apic: enable the bios request for x2apic optout * Suresh Siddha <suresh.b.siddha@...el.com> wrote: > On Sat, 2011-07-30 at 16:09 -0700, David Woodhouse wrote: > > On Fri, 2011-07-29 at 17:52 -0700, Suresh Siddha wrote: > > > > > > + WARN(!eim, KERN_WARNING "Your BIOS is broken and requested that" > > > + " x2apic be disabled\n This will leave your machine" > > > + " vulnerable to irq-injection attacks\n Use" > > > + " 'intremap=no_x2apic_optout' to override BIOS " > > > + "request\n"); > > > > Please don't break strings, except at the \n. I think checkpatch.pl even > > has an exception to its 80-column rule for this, these days? > > > > If I see this message and search in the kernel source for the string > > 'requested that x2apic be disabled', I should be able to find it. > > Sure. Updated patch appended. Thanks. > --- > > From: Youquan Song <youquan.song@...el.com> > Subject: x86, x2apic: enable the bios request for x2apic optout > > On the platforms which are x2apic and interrupt-remapping capable, Linux > kernel is enabling x2apic even if the BIOS doesn't. This is to take > advantage of the features that x2apic brings in. > > Some of the OEM platforms are running into issues because of this, as their > bios is not x2apic aware. For example, this was resulting in interrupt migration > issues on one of the platforms. Also if the BIOS SMI handling uses APIC > interface to send SMI's, then the BIOS need to be aware of x2apic mode > that OS has enabled. > > On some of these platforms, BIOS doesn't have a HW mechanism to turnoff > the x2apic feature to prevent OS from enabling it. > > To resolve this mess, recent changes to the VT-d2 specification > (http://download.intel.com/technology/computing/vptech/Intel(r)_VT_for_Direct_IO.pdf) > includes a mechanism that provides BIOS a way to request system software > to opt out of enabling x2apic mode. > > Look at the x2apic optout flag in the DMAR tables before enabling the x2apic > mode in the platform. Also print a warning that we have disabled x2apic > based on the BIOS request. > > Kernel boot parameter "intremap=no_x2apic_optout" can be used to override > the BIOS x2apic optout request. > > Signed-off-by: Youquan Song <youquan.song@...el.com> > Signed-off-by: Suresh Siddha <suresh.b.siddha@...el.com> > --- > Documentation/kernel-parameters.txt | 3 +- > arch/x86/kernel/apic/apic.c | 31 ++++++++++++------------ > drivers/iommu/dmar.c | 2 +- > drivers/iommu/intr_remapping.c | 44 ++++++++++++++++++++++++++++------ > include/linux/dmar.h | 14 +++++++++- > 5 files changed, 66 insertions(+), 28 deletions(-) Guys, mind doing this on top of the DMAR cleanup patches Yinghai posted? (if those patches are fine - i have not checked them in detail yet) Really, if we need to do silly BIOS workarounds then we might as well use the opportunity to clean up this mess. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists