Re: [PATCH v2] irq: add quirk for broken interrupt remapping on 55XX chipsets
From: Bjorn Helgaas
Date: Thu Apr 04 2013 - 14:41:59 EST
On Thu, Apr 4, 2013 at 11:51 AM, Neil Horman <nhorman@xxxxxxxxxxxxx> wrote:
> Oh, you want the bug report that I'm fixing this against? Sure, I can do that.
> I thought you wanted me to include a url in the WARN_TAINT, with which user
> could report occurances of this bug. Yeah, the bug that this is reported in is:
> https://bugzilla.redhat.com/show_bug.cgi?id=887006
>
> Its standing in for about a dozen or so variants of this issue we've seen
Exactly -- I'm just hoping for something in the changelog. BTW, this
particular bugzilla is not public.
> Regardless, theres also the security issue to consider here - namely that
> disabling irq remapping opens up users of virt to a possible security bug
> (potential irq injection). Some users may wish to live with the remapping
> error, given that error typically leads to devices that need to be
> restarted/reset to start working again, rather than live with the security hole.
> I rather like the warning, that gives users a choice, but I'll spin up a version
> that just disables it if you would rather.
I don't believe users will want to make a choice like that or even be
sophisticated enough to do it, at least not based on something in
dmesg. I'm pretty sure I'm not :)
The only supportable thing I can imagine doing would be:
- Disable interrupt remapping if this chipset defect is present, so
devices work reliably (they don't need whatever restart/reset you
referred to above).
- Disable virt functionality when interrupt remapping is disabled to
avoid the security problem (I don't know the details of this.)
- Add a command-line option to enable interrupt remapping (I think
"intremap=on" is currently parsed too early, but maybe this could be
reworked so the option could override the quirk disable).
- Add release notes saying "boot with 'intremap=on' if you want the
virt functionality and can accept unreliable devices."
That way the default behavior is safe and reliable (though perhaps
lacking some functionality), and you have told the user a way to get
safe and unreliable operation if he's willing to accept that. At
least, that's what I think I would want if I were in RH's shoes.
Bjorn
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/