WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing

from [Weidong Han] [Permanent Link][Original]
To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
From: Weidong Han <weidong.han@xxxxxxxxx>
Date: Wed, 24 Mar 2010 19:00:17 +0800
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx>
Delivery-date: Wed, 24 Mar 2010 04:06:07 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4BA9ED8D0200007800036B3F@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20100323193748.GW1878@xxxxxxxxxxx> <C7CECCF9.E36E%keir.fraser@xxxxxxxxxxxxx> <20100323200515.GZ1878@xxxxxxxxxxx> <ED3036A092A28F4C91B0B4360DD128EABE03D6BC@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4BA9DA400200007800036ABB@xxxxxxxxxxxxxxxxxx> <4BA9D512.9090902@xxxxxxxxx> <4BA9ED8D0200007800036B3F@xxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.21 (Windows/20090302) 
Jan Beulich wrote:

Weidong Han <weidong.han@xxxxxxxxx> 24.03.10 10:02 >>>
it cannot check entry_header->length < sizeof(struct acpi_table_XXX), which is not the actual size in acpi table. 

I don't follow here: Minimally checking against
sizeof(struct acpi_dmar_entry_header) should be possible. But I can't
even see why checking for sizeof(struct acpi_table_XXX) in the
individual case statements can't be done.

Jan
Re-checked the code. You're right. Updated the patch to check with sizeof(struct acpi_table_XXX). 

Idea-by: Jan Beulich <jbeulich@xxxxxxxxxx <mailto:jbeulich@xxxxxxxxxx>>
Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>

diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c    Thu Mar 25 01:05:03 2010 +0800
+++ b/xen/drivers/passthrough/vtd/dmar.c    Thu Mar 25 03:53:21 2010 +0800
@@ -659,6 +659,23 @@ static int __init acpi_parse_dmar(struct
    while ( ((unsigned long)entry_header) <
            (((unsigned long)dmar) + table->length) )
    {
+        /*
+         * entry_header length should not smaller than size of
+         * any acpi dmar structures. also avoid endless looping
+         * when the lenght is 0 on some bad BIOSs
+         */
+        if ( entry_header->length < sizeof(struct acpi_table_drhd) &&
+             entry_header->length < sizeof(struct acpi_table_rmrr) &&
+             entry_header->length < sizeof(struct acpi_table_atsr) &&
+             entry_header->length < sizeof(struct acpi_table_rhsa) )
+        {
+            dprintk(XENLOG_WARNING VTDPREFIX,
+                    "Invalid entry_header length: 0x%x\n",
+                    entry_header->length);
+            ret = -EINVAL;
+            break;
+        }
+
        switch ( entry_header->type )
        {
        case ACPI_DMAR_DRHD:



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] Simple emulation of host keyboard and mouse for gfx_passthru., Dietmar Hahn
Next by Date:  [Xen-devel] [PATCH] x86: fix improper return value from relinquish_memory(), Jan Beulich
Previous by Thread:  Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing, Jan Beulich
Next by Thread:  Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy