aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorJoseph Cihula <joseph.cihula@intel.com>2009-06-30 22:31:10 -0400
committerH. Peter Anvin <hpa@zytor.com>2009-07-21 14:50:42 -0400
commita59b50e995465911ba580df0bd10cf64aa81fc43 (patch)
treeb3e97a338ebfd2299675af14b5863ff0dd0b2548 /drivers
parent86886e55b273f565935491816c7c96b82469d4f8 (diff)
intel_txt: Force IOMMU on for Intel TXT launch
The tboot module will DMA protect all of memory in order to ensure the that kernel will be able to initialize without compromise (from DMA). Consequently, the kernel must enable Intel Virtualization Technology for Directed I/O (VT-d or Intel IOMMU) in order to replace this broad protection with the appropriate page-granular protection. Otherwise DMA devices will be unable to read or write from memory and the kernel will eventually panic. Because runtime IOMMU support is configurable by command line options, this patch will force it to be enabled regardless of the options specified, and will log a message if it was required to force it on. dmar.c | 7 +++++++ intel-iommu.c | 17 +++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) Signed-off-by: Joseph Cihula <joseph.cihula@intel.com> Signed-off-by: Shane Wang <shane.wang@intel.com> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/pci/dmar.c7
-rw-r--r--drivers/pci/intel-iommu.c17
2 files changed, 22 insertions, 2 deletions
diff --git a/drivers/pci/dmar.c b/drivers/pci/dmar.c
index 7b287cb38b7a..0cbc5fd26c3c 100644
--- a/drivers/pci/dmar.c
+++ b/drivers/pci/dmar.c
@@ -33,6 +33,7 @@
33#include <linux/timer.h> 33#include <linux/timer.h>
34#include <linux/irq.h> 34#include <linux/irq.h>
35#include <linux/interrupt.h> 35#include <linux/interrupt.h>
36#include <asm/tboot.h>
36 37
37#undef PREFIX 38#undef PREFIX
38#define PREFIX "DMAR:" 39#define PREFIX "DMAR:"
@@ -413,6 +414,12 @@ parse_dmar_table(void)
413 */ 414 */
414 dmar_table_detect(); 415 dmar_table_detect();
415 416
417 /*
418 * ACPI tables may not be DMA protected by tboot, so use DMAR copy
419 * SINIT saved in SinitMleData in TXT heap (which is DMA protected)
420 */
421 dmar_tbl = tboot_get_dmar_table(dmar_tbl);
422
416 dmar = (struct acpi_table_dmar *)dmar_tbl; 423 dmar = (struct acpi_table_dmar *)dmar_tbl;
417 if (!dmar) 424 if (!dmar)
418 return -ENODEV; 425 return -ENODEV;
diff --git a/drivers/pci/intel-iommu.c b/drivers/pci/intel-iommu.c
index ebc9b8dca881..2dc72a6d7412 100644
--- a/drivers/pci/intel-iommu.c
+++ b/drivers/pci/intel-iommu.c
@@ -38,6 +38,7 @@
38#include <linux/intel-iommu.h> 38#include <linux/intel-iommu.h>
39#include <linux/sysdev.h> 39#include <linux/sysdev.h>
40#include <asm/cacheflush.h> 40#include <asm/cacheflush.h>
41#include <asm/tboot.h>
41#include <asm/iommu.h> 42#include <asm/iommu.h>
42#include "pci.h" 43#include "pci.h"
43 44
@@ -3183,12 +3184,22 @@ static int __init init_iommu_sysfs(void)
3183int __init intel_iommu_init(void) 3184int __init intel_iommu_init(void)
3184{ 3185{
3185 int ret = 0; 3186 int ret = 0;
3187 int force_on = 0;
3186 3188
3187 if (dmar_table_init()) 3189 /* VT-d is required for a TXT/tboot launch, so enforce that */
3190 force_on = tboot_force_iommu();
3191
3192 if (dmar_table_init()) {
3193 if (force_on)
3194 panic("tboot: Failed to initialize DMAR table\n");
3188 return -ENODEV; 3195 return -ENODEV;
3196 }
3189 3197
3190 if (dmar_dev_scope_init()) 3198 if (dmar_dev_scope_init()) {
3199 if (force_on)
3200 panic("tboot: Failed to initialize DMAR device scope\n");
3191 return -ENODEV; 3201 return -ENODEV;
3202 }
3192 3203
3193 /* 3204 /*
3194 * Check the need for DMA-remapping initialization now. 3205 * Check the need for DMA-remapping initialization now.
@@ -3204,6 +3215,8 @@ int __init intel_iommu_init(void)
3204 3215
3205 ret = init_dmars(); 3216 ret = init_dmars();
3206 if (ret) { 3217 if (ret) {
3218 if (force_on)
3219 panic("tboot: Failed to initialize DMARs\n");
3207 printk(KERN_ERR "IOMMU: dmar init failed\n"); 3220 printk(KERN_ERR "IOMMU: dmar init failed\n");
3208 put_iova_domain(&reserved_iova_list); 3221 put_iova_domain(&reserved_iova_list);
3209 iommu_exit_mempool(); 3222 iommu_exit_mempool();