[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] VT-d: protect against bogus information coming from BIOS



On Wed, Jul 10, 2013 at 6:26 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Tested-by: Ben Guthro <benjamin.guthro@xxxxxxxxxx>

>
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>          return ret;
>
> +    if ( !drhd->address || !(drhd->address + 1) )
> +        return -ENODEV;
> +
>      dmaru = xzalloc(struct acpi_drhd_unit);
>      if ( !dmaru )
>          return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>          dprintk(VTDPREFIX,
>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, 
> iommu->ecap);
>      }
> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> +        return -ENODEV;
> +
>      if ( cap_fault_reg_offset(iommu->cap) +
>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE 
> ||
>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.