
[Xen-devel] Ping #2: [PATCH] VT-d: protect against bogus information coming from BIOS



The first ping was sent over a week ago, and I'll assume silent
agreement if I don't hear back otherwise in a day or two. (I would,
btw, have wanted this to also go into 4.2.3 and 4.1.6, but likely
it's going to be too late now for this, and thus for the 4.1 branch
altogether.)

Jan

>>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@xxxxxxxx> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>          return ret;
>  
> +    if ( !drhd->address || !(drhd->address + 1) )
> +        return -ENODEV;
> +
>      dmaru = xzalloc(struct acpi_drhd_unit);
>      if ( !dmaru )
>          return -ENOMEM;
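
Review bot: The new `if ( !drhd->address || !(drhd->address + 1) )` check in acpi_parse_one_drhd() returns -ENODEV without logging anything, so a firmware table with a zero or all-ones DRHD address is rejected with no trace of why. A printk that names the offending address before the return would make the rejection diagnosable from the boot log. The `!(x + 1)` form for "all ones" is also terse; an explicit comparison against `~0` of the field's type, or a one-line comment, would make the intent obvious to the next reader.
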
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>          dprintk(VTDPREFIX,
>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, 
> iommu->ecap);
>      }
> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> +        return -ENODEV;
> +
>      if ( cap_fault_reg_offset(iommu->cap) +
>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE 
> ||
>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
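
Review bot: The early `return -ENODEV` added after the cap/ecap dprintk in iommu_alloc() is reached once both registers have already been read from the unit, and the visible context shows no cleanup on that path. Please confirm that whatever was allocated or mapped before the read is released by the caller on this error, or route the return through the same error handling as the PAGE_SIZE check that follows. A message stating that cap or ecap read back as all ones would also help, since the dprintk above sits inside a block that closes just before the new check and may not be reached in every configuration.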



