• Andy Lutomirski's avatar
    x86/intel/irq_remapping: Clean up x2apic opt-out security warning mess · af8d102f
    Andy Lutomirski authored
    Current kernels print this on my Dell server:
    
       ------------[ cut here ]------------
       WARNING: at drivers/iommu/intel_irq_remapping.c:542
       intel_enable_irq_remapping+0x7b/0x27e()
       Hardware name: PowerEdge R620
       Your BIOS is broken and requested that x2apic be disabled
       This will leave your machine vulnerable to irq-injection attacks
       Use 'intremap=no_x2apic_optout' to override BIOS request
       [...]
       Enabled IRQ remapping in xapic mode
       x2apic not enabled, IRQ remapping is in xapic mode
    
    This is inconsistent with itself -- interrupt remapping is *on*.
    
    Fix the mess by making the warnings say what they mean and my
    making sure that compatibility format interrupts (the dangerous
    ones) are disabled if x2apic is present regardless of BIOS
    settings.
    
    With this patch applied, the output is:
    
      Your BIOS is broken and requested that x2apic be disabled.
      This will slightly decrease performance.
      Use 'intremap=no_x2apic_optout' to override BIOS request.
      Enabled IRQ remapping in xapic mode
      x2apic not enabled, IRQ remapping is in xapic mode
    
    This should make us as or more secure than we are now and
    replace a rather scary warning with a much less scary warning on
    silly but functional systems.
    Signed-off-by: default avatarAndy Lutomirski <luto@amacapital.net>
    Cc: Suresh Siddha <suresh.b.siddha@intel.com>
    Cc: Prarit Bhargava <prarit@redhat.com>
    Cc: Gleb Natapov <gleb@redhat.com>
    Cc: Don Zickus <dzickus@redhat.com>
    Cc: Alex Williamson <alex.williamson@redhat.com>
    Link: http://lkml.kernel.org/r/2011b943a886fd7c46079eb10bc24fc130587503.1359759303.git.luto@amacapital.netSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
    af8d102f
intel_irq_remapping.c 25.4 KB