You should not ignore DRHD even if devices under its scope are not pci
discoverable. For the sake of security, we still enable these DRHDs but don't
set any context mappings. In that case, any DMA that comes from these
"supposedly disabled" devices will get blocked by VT-d, and hence avoid any
security vulnerability with malicious s/w re-enabling these devices.
You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls note that
the RMRR checking logic is:
If all devices under RMRR's scope are not pci discoverable
Ignore the RMRR
Else if base_address > end_address
From: Noboru Iwamatsu [mailto:n_iwamatsu@xxxxxxxxxxxxxx]
Sent: Thursday, January 21, 2010 4:26 PM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; keir.fraser@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
Some Q35 mainboard that has buggy BIOS, I have one of this, reports invalid
DRHD in addition to the invalid RMRR.
Attached patch fixes this DRHD issue in the same way as RMRR.
And also, I fixed RMRR validity checking loop.
Signed-off-by: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>
-------- Original Message --------
Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Han, Weidong <weidong.han@xxxxxxxxx>
To: xen-devel@xxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Thu Jan 21 2010 11:46:12 GMT+0900
> Currently, Xen checks RMRR range and disables VT-d if RMRR range is set
> incorrectly in BIOS rigorously. But, actually we can ignore the RMRR if the
> device under its scope are not pci discoverable, because the RMRR won't be
> used by non-existed or disabled devices.
> This patch ignores the RMRR if the device under its scope are not pci
> discoverable, and only checks the validity of RMRRs that are actually used.
> In order to avoid duplicate pci device detection code, this patch defines a
> function pci_device_detect for it.
> Signed-off-by: Weidong Han<weidong.han@xxxxxxxxx>
> Xen-devel mailing list
Xen-devel mailing list