    Intel-IOMMU, intr-remap: source-id checking · f007e99c
    Weidong Han authored
    To support domain-isolation usages, the platform hardware must be
    capable of uniquely identifying the requestor (source-id) for each
    interrupt message. Without source-id checking for interrupt remapping,
    a rogue guest/VM with assigned devices can launch interrupt attacks
    to bring down another guest/VM or the VMM itself.
    
    This patch adds source-id checking for interrupt remapping, and then
    really isolates interrupts for guests/VMs with assigned devices.
    
    Because the PCI subsystem is not initialized yet when setting up IOAPIC
    entries, use read_pci_config_byte to access PCI config space directly.
    Signed-off-by: Weidong Han <weidong.han@intel.com>
    Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
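
A simplified model of the source-id validation the commit message describes, as an added example that is not part of the commit or the kernel source. It assumes the SVT (source validation type) and SQ (source-id qualifier) encodings that the Intel VT-d specification defines for interrupt remapping table entries; the type, enum and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SVT/SQ encodings assumed from the Intel VT-d specification.
 * All names below are hypothetical, chosen for this example. */
enum svt { SVT_NONE = 0, SVT_SID_SQ = 1, SVT_BUS_RANGE = 2 };
enum sq  { SQ_ALL16 = 0, SQ_IGN_FN2 = 1, SQ_IGN_FN21 = 2, SQ_IGN_FN210 = 3 };

/* Only the source-validation fields of a remapping entry are modelled. */
struct irte_sid { uint8_t svt; uint8_t sq; uint16_t sid; };

/* Requester ID layout: bus[15:8] : device[7:3] : function[2:0]. */
static uint16_t make_rid(uint8_t bus, uint8_t dev, uint8_t fn)
{
    return (uint16_t)((bus << 8) | ((dev & 0x1f) << 3) | (fn & 0x7));
}

/* True if an interrupt request from requester `rid` passes validation. */
static bool sid_check(const struct irte_sid *e, uint16_t rid)
{
    /* SQ selects which function-number bits are ignored in the compare. */
    static const uint16_t sq_mask[4] = { 0xffff, 0xfffb, 0xfff9, 0xfff8 };

    switch (e->svt) {
    case SVT_NONE:      /* no verification: any requester can use the entry */
        return true;
    case SVT_SID_SQ:    /* requester must match SID under the SQ mask */
        return ((rid ^ e->sid) & sq_mask[e->sq & 3]) == 0;
    case SVT_BUS_RANGE: { /* SID holds start bus (high byte), end bus (low) */
        uint8_t bus = (uint8_t)(rid >> 8);
        return bus >= (e->sid >> 8) && bus <= (e->sid & 0xff);
    }
    default:            /* reserved encoding: reject */
        return false;
    }
}

int main(void)
{
    /* Constructed sample: entry bound to device 03:00.0, all 16 bits compared. */
    struct irte_sid e = { SVT_SID_SQ, SQ_ALL16, make_rid(3, 0, 0) };
    printf("owner 03:00.0 -> %d\n", sid_check(&e, make_rid(3, 0, 0)));
    printf("other 04:00.0 -> %d\n", sid_check(&e, make_rid(4, 0, 0)));
    e.svt = SVT_NONE;   /* without source-id checking the same request passes */
    printf("other 04:00.0, no check -> %d\n", sid_check(&e, make_rid(4, 0, 0)));
    return 0;
}
```

With `SVT_NONE`, the entry accepts a request from any requester, which is the pre-patch situation the commit message warns about.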
io_apic.c 99.2 KB