xen-devel

[Top] [All Lists]

RE: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

from [Han, Weidong]

[Permanent Link][Original]

To:	Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>
Subject:	RE: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From:	"Han, Weidong" <weidong.han@xxxxxxxxx>
Date:	Thu, 21 Jan 2010 16:38:43 +0800
Accept-language:	en-US
Acceptlanguage:	en-US
Cc:	"xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "keir.fraser@xxxxxxxxxxxxx" <keir.fraser@xxxxxxxxxxxxx>
Delivery-date:	Thu, 21 Jan 2010 00:39:50 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<4B580F8C.5090807@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<60E426D47DE8EA47AA104E65008A100D14458756F3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4B580F8C.5090807@xxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	Acqac3ob/UFIfLk8TCimn2OI1K0iUAAAENSA
Thread-topic:	[Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Hi Noboru,

You should not ignore DRHD even if devices under its scope are not pci 
discoverable. For the sake of security, we still enable these DRHDs but don't 
set any context mappings. In that case, any DMA that comes from these 
"supposedly disabled" devices will get blocked by VT-d, and hence avoid any 
security vulnerability with malicious s/w re-enabling these devices. 

You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls note that 
the RMRR checking logic is:
        If all devices under RMRR's scope are not pci discoverable
                Ignore the RMRR
        Else if base_address > end_address
                Return error
        Else
                Register RMRR

Regards,
Weidong
                

-----Original Message-----
From: Noboru Iwamatsu [mailto:n_iwamatsu@xxxxxxxxxxxxxx] 
Sent: Thursday, January 21, 2010 4:26 PM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; keir.fraser@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Hi,

Some Q35 mainboard that has buggy BIOS, I have one of this, reports invalid 
DRHD in addition to the invalid RMRR.

Attached patch fixes this DRHD issue in the same way as RMRR.
And also, I fixed RMRR validity checking loop.

Noboru.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>


-------- Original Message  --------
Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Han, Weidong <weidong.han@xxxxxxxxx>
To: xen-devel@xxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Thu Jan 21 2010 11:46:12 GMT+0900

> Currently, Xen checks RMRR range and disables VT-d if RMRR range is set 
> incorrectly in BIOS rigorously. But, actually we can ignore the RMRR if the 
> device under its scope are not pci discoverable, because the RMRR won't be 
> used by non-existed or disabled devices.
>
> This patch ignores the RMRR if the device under its scope are not pci 
> discoverable, and only checks the validity of RMRRs that are actually used. 
> In order to avoid duplicate pci device detection code, this patch defines a 
> function pci_device_detect for it.
>
> Signed-off-by: Weidong Han<weidong.han@xxxxxxxxx>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Han, Weidong Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu RE: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Han, Weidong <= Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Weidong Han Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Keir Fraser Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Weidong Han Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Weidong Han Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Keir Fraser Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Sander Eikelenboom Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Keir Fraser

Previous by Date:	Re: [Xen-devel] trouble with the new mmap-batch interface, Jan Beulich
Next by Date:	Re: [Xen-devel] RE: gplpv installer fails to detect testsigning on win7 ultimate x64, Pasi Kärkkäinen
Previous by Thread:	Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu
Next by Thread:	Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking, Noboru Iwamatsu
Indexes:	[Date] [Thread] [Top] [All Lists]