diff options
author | Andy Lutomirski <luto@amacapital.net> | 2013-02-01 14:57:43 -0800 |
---|---|---|
committer | Ingo Molnar <mingo@kernel.org> | 2013-02-03 12:13:48 +0100 |
commit | af8d102f999a41c0189bd2cce488bac2ee88c29b (patch) | |
tree | b2ae9835b6711c644386923d0c3d2c583a0a48ea /kernel/time/ntp.c | |
parent | e9b6025bf8f16469f417e07507390f2f079d0a99 (diff) |
x86/intel/irq_remapping: Clean up x2apic opt-out security warning mess
Current kernels print this on my Dell server:
------------[ cut here ]------------
WARNING: at drivers/iommu/intel_irq_remapping.c:542
intel_enable_irq_remapping+0x7b/0x27e()
Hardware name: PowerEdge R620
Your BIOS is broken and requested that x2apic be disabled
This will leave your machine vulnerable to irq-injection attacks
Use 'intremap=no_x2apic_optout' to override BIOS request
[...]
Enabled IRQ remapping in xapic mode
x2apic not enabled, IRQ remapping is in xapic mode
This is inconsistent with itself -- interrupt remapping is *on*.
Fix the mess by making the warnings say what they mean and my
making sure that compatibility format interrupts (the dangerous
ones) are disabled if x2apic is present regardless of BIOS
settings.
With this patch applied, the output is:
Your BIOS is broken and requested that x2apic be disabled.
This will slightly decrease performance.
Use 'intremap=no_x2apic_optout' to override BIOS request.
Enabled IRQ remapping in xapic mode
x2apic not enabled, IRQ remapping is in xapic mode
This should make us as or more secure than we are now and
replace a rather scary warning with a much less scary warning on
silly but functional systems.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Cc: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Link: http://lkml.kernel.org/r/2011b943a886fd7c46079eb10bc24fc130587503.1359759303.git.luto@amacapital.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'kernel/time/ntp.c')
0 files changed, 0 insertions, 0 deletions