Re: [PATCH v2] x86, vt-d: enable x2apic opt out

From: Woodhouse, David
Date: Wed May 11 2011 - 13:21:30 EST


On Thu, 2011-04-14 at 08:06 +0100, Song, Youquan wrote:
> + pr_info("Not enabling x2apic, firmware requests OS opt-out "
> + "x2apic.\n");
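
Review bot: the user-visible string in this pr_info() is split across two source lines, so grepping the tree for the message as it appears in the boot log will not find it; keep the literal on one line even if that runs past 80 columns. The wording "firmware requests OS opt-out x2apic" also names x2apic twice in one short message and reads awkwardly; "firmware requested x2apic opt-out" would say the same thing more clearly.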

This output is far too innocuous. At the very least, it should have a
clear statement that this should leave you vulnerable to IRQ injection
attacks that intr-remapping + x2apic would have protected against.

It should probably look more like:

    WARN(1, "Your BIOS is broken and requested that x2apic be disabled\n"
            "This will leave your machine vulnerable to irq-injection attacks\n"
            "Use 'intel_iommu=no_x2apic_optout' to override BIOS request\n");


--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation
