WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] VT-d: improve RMRR validity checking

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] VT-d: improve RMRR validity checking
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 25 Jan 2010 23:55:11 -0800
Delivery-date: Mon, 25 Jan 2010 23:55:14 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1264235004 0
# Node ID 7d65247d5f067ac745a73f62696408ad2589fecf
# Parent  4978b4a4bbb69171abc9e92fddaa2b61189a177f
VT-d: improve RMRR validity checking

In order to make Xen more defensive to VT-d related BIOS issue, this
patch ignores a DRHD if all devices under its scope are not pci
discoverable, and regards a DRHD as invalid and then disable whole
VT-d if some devices under its scope are not pci discoverable. But if
iommu=force is set, it will enable all DRHDs reported by BIOS, to
avoid any security vulnerability with malicious s/s re-enabling
"supposed disabled" devices.  Pls note that we don't know the devices
under the "Include_all" DRHD are existent or not, because the scope of
"Include_all" DRHD won't enumerate common pci device, it only
enumerates I/OxAPIC and HPET devices.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>
Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>
---
 xen/drivers/passthrough/vtd/dmar.c |   43 ++++++++++++++++++++++++++++++++++++-
 1 files changed, 42 insertions(+), 1 deletion(-)

diff -r 4978b4a4bbb6 -r 7d65247d5f06 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c        Fri Jan 22 13:32:26 2010 +0000
+++ b/xen/drivers/passthrough/vtd/dmar.c        Sat Jan 23 08:23:24 2010 +0000
@@ -396,8 +396,49 @@ acpi_parse_one_drhd(struct acpi_dmar_ent
 
     if ( ret )
         xfree(dmaru);
+    else if ( force_iommu || dmaru->include_all )
+        acpi_register_drhd_unit(dmaru);
     else
-        acpi_register_drhd_unit(dmaru);
+    {
+        u8 b, d, f;
+        int i, invalid_cnt = 0;
+
+        for ( i = 0; i < dmaru->scope.devices_cnt; i++ )
+        {
+            b = PCI_BUS(dmaru->scope.devices[i]);
+            d = PCI_SLOT(dmaru->scope.devices[i]);
+            f = PCI_FUNC(dmaru->scope.devices[i]);
+
+            if ( pci_device_detect(b, d, f) == 0 )
+            {
+                dprintk(XENLOG_WARNING VTDPREFIX,
+                    "  Non-existent device (%x:%x.%x) is reported "
+                    "in this DRHD's scope!\n", b, d, f);
+                invalid_cnt++;
+            }
+        }
+
+        if ( invalid_cnt )
+        {
+            xfree(dmaru);
+            if ( invalid_cnt == dmaru->scope.devices_cnt )
+            {
+                dprintk(XENLOG_WARNING VTDPREFIX,
+                    "  Ignore the DRHD due to all devices under "
+                    "its scope are not PCI discoverable!\n");
+            }
+            else
+            {
+                dprintk(XENLOG_WARNING VTDPREFIX,
+                    "  The DRHD is invalid due to some devices under "
+                    "its scope are not PCI discoverable!\n");
+                ret = -EINVAL;
+            }
+        }
+        else
+            acpi_register_drhd_unit(dmaru);
+    }
+
     return ret;
 }
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-changelog] [xen-unstable] Get libconfig tarball from xenbits, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] pv-on-hvm: Only unplug emulated devices if requested via module parameter., Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] VT-d: improve RMRR validity checking, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] xentrace: XC_PAGE_SIZE should be used, Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy