WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

To: weidong.han@xxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>
Date: Thu, 21 Jan 2010 19:08:09 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 21 Jan 2010 02:08:52 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4B582665.300@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <60E426D47DE8EA47AA104E65008A100D14458756F3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4B580F8C.5090807@xxxxxxxxxxxxxx> <60E426D47DE8EA47AA104E65008A100D14458759D3@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4B582665.300@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
> So, I think RMRR that has no-existent device is valid.

Sorry this is typo.
I mean:
So, I think RMRR that has no-existent device is "invalid"
and whole RMRR should be ignored.

Noboru.

Hi,

After registered invalid DRHDs, Xen hangs in boot time.

About RMRR, I understood the logic.
In my mainboard, unfortunately, RMRR has non-existent device under
its scope, and to make matters worse, the RMRR range is invalid.
So, I think RMRR that has no-existent device is valid.

How do you think about these?

Hi Noboru,

You should not ignore DRHD even if devices under its scope are not pci
discoverable. For the sake of security, we still enable these DRHDs
but don't set any context mappings. In that case, any DMA that comes
from these "supposedly disabled" devices will get blocked by VT-d, and
hence avoid any security vulnerability with malicious s/w re-enabling
these devices.

You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls
note that the RMRR checking logic is:
If all devices under RMRR's scope are not pci discoverable
Ignore the RMRR
Else if base_address> end_address
Return error
Else
Register RMRR

Regards,
Weidong


-----Original Message-----
From: Noboru Iwamatsu [mailto:n_iwamatsu@xxxxxxxxxxxxxx]
Sent: Thursday, January 21, 2010 4:26 PM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; keir.fraser@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Hi,

Some Q35 mainboard that has buggy BIOS, I have one of this, reports
invalid DRHD in addition to the invalid RMRR.

Attached patch fixes this DRHD issue in the same way as RMRR.
And also, I fixed RMRR validity checking loop.

Noboru.

Signed-off-by: Noboru Iwamatsu<n_iwamatsu@xxxxxxxxxxxxxx>


-------- Original Message --------
Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Han, Weidong<weidong.han@xxxxxxxxx>
To: xen-devel@xxxxxxxxxxxxxxxxxxx<xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Thu Jan 21 2010 11:46:12 GMT+0900

Currently, Xen checks RMRR range and disables VT-d if RMRR range is
set incorrectly in BIOS rigorously. But, actually we can ignore the
RMRR if the device under its scope are not pci discoverable, because
the RMRR won't be used by non-existed or disabled devices.

This patch ignores the RMRR if the device under its scope are not pci
discoverable, and only checks the validity of RMRRs that are actually
used. In order to avoid duplicate pci device detection code, this
patch defines a function pci_device_detect for it.

Signed-off-by: Weidong Han<weidong.han@xxxxxxxxx>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel