On 19/12/2022 6:34 am, Xenia Ragiadakou wrote:
> The variable untrusted_msi indicates whether the system is vulnerable to
> CVE-2011-1898. This vulnerability is VT-d specific.
> Place the code that addresses the issue under CONFIG_INTEL_VTD.
>
> No functional change intended.
>
> Signed-off-by: Xenia Ragiadakou <burzalod...@gmail.com>

Actually, this variable is pretty bogus. I think I'd like to delete it entirely.

There are systems with no IOMMU at all, and we certainly used to let PV Passthrough go ahead. (Not sure we do any more.)

There are systems with DMA remapping only, but no interrupt remapping. These are known insecure.

I'm honestly not convinced that an ISR read and crash is useful when the user has already constructed a known-unsafe configuration, because a malicious guest in that case can still fully mess with dom0 by sending vectors other than 0x80 and 0x82.

In particular, this option does not get activated on AMD when the user elects to disable interrupt remapping, and I'm disinclined to wire it up in that case too.

~Andrew

P.S. It occurs to me that FRED obsoletes the need for this anyway, seeing as it does properly distinguish the source of an event.