All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] VT-d: protect against bogus information coming from BIOS
@ 2013-07-10 10:26 Jan Beulich
  2013-07-10 11:32 ` Ben Guthro
  2013-08-05 13:06 ` Ping: " Jan Beulich
  0 siblings, 2 replies; 5+ messages in thread
From: Jan Beulich @ 2013-07-10 10:26 UTC (permalink / raw)
  To: xen-devel; +Cc: Ben Guthro, xiantao.zhang

[-- Attachment #1: Type: text/plain, Size: 1209 bytes --]

Add checks similar to those done by Linux: The DRHD address must not
be all zeros or all ones (Linux only checks for zero), and capabilities
as well as extended capabilities must not be all ones.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
     if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
         return ret;
 
+    if ( !drhd->address || !(drhd->address + 1) )
+        return -ENODEV;
+
     dmaru = xzalloc(struct acpi_drhd_unit);
     if ( !dmaru )
         return -ENOMEM;
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
         dprintk(VTDPREFIX,
                 "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
     }
+    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
+        return -ENODEV;
+
     if ( cap_fault_reg_offset(iommu->cap) +
          cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
          ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )




[-- Attachment #2: VT-d-protect-broken.patch --]
[-- Type: text/plain, Size: 1263 bytes --]

VT-d: protect against bogus information coming from BIOS

Add checks similar to those done by Linux: The DRHD address must not
be all zeros or all ones (Linux only checks for zero), and capabilities
as well as extended capabilities must not be all ones.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
     if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
         return ret;
 
+    if ( !drhd->address || !(drhd->address + 1) )
+        return -ENODEV;
+
     dmaru = xzalloc(struct acpi_drhd_unit);
     if ( !dmaru )
         return -ENOMEM;
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
         dprintk(VTDPREFIX,
                 "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
     }
+    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
+        return -ENODEV;
+
     if ( cap_fault_reg_offset(iommu->cap) +
          cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
          ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )

[-- Attachment #3: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] VT-d: protect against bogus information coming from BIOS
  2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
@ 2013-07-10 11:32 ` Ben Guthro
  2013-08-05 13:06 ` Ping: " Jan Beulich
  1 sibling, 0 replies; 5+ messages in thread
From: Ben Guthro @ 2013-07-10 11:32 UTC (permalink / raw)
  To: Jan Beulich; +Cc: xiantao.zhang, xen-devel

On Wed, Jul 10, 2013 at 6:26 AM, Jan Beulich <JBeulich@suse.com> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Ben Guthro <benjamin.guthro@citrix.com>

>
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>          return ret;
>
> +    if ( !drhd->address || !(drhd->address + 1) )
> +        return -ENODEV;
> +
>      dmaru = xzalloc(struct acpi_drhd_unit);
>      if ( !dmaru )
>          return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>          dprintk(VTDPREFIX,
>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
>      }
> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> +        return -ENODEV;
> +
>      if ( cap_fault_reg_offset(iommu->cap) +
>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
  2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
  2013-07-10 11:32 ` Ben Guthro
@ 2013-08-05 13:06 ` Jan Beulich
  2013-08-05 13:10   ` Ben Guthro
  2013-08-05 14:55   ` Andrew Cooper
  1 sibling, 2 replies; 5+ messages in thread
From: Jan Beulich @ 2013-08-05 13:06 UTC (permalink / raw)
  To: xiantao.zhang; +Cc: Ben Guthro, xen-devel

Ping?

>>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>          return ret;
>  
> +    if ( !drhd->address || !(drhd->address + 1) )
> +        return -ENODEV;
> +
>      dmaru = xzalloc(struct acpi_drhd_unit);
>      if ( !dmaru )
>          return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>          dprintk(VTDPREFIX,
>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
>      }
> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> +        return -ENODEV;
> +
>      if ( cap_fault_reg_offset(iommu->cap) +
>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE 
> ||
>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
  2013-08-05 13:06 ` Ping: " Jan Beulich
@ 2013-08-05 13:10   ` Ben Guthro
  2013-08-05 14:55   ` Andrew Cooper
  1 sibling, 0 replies; 5+ messages in thread
From: Ben Guthro @ 2013-08-05 13:10 UTC (permalink / raw)
  To: Jan Beulich; +Cc: xiantao.zhang, xen-devel


[-- Attachment #1.1: Type: text/plain, Size: 1549 bytes --]

On Mon, Aug 5, 2013 at 9:06 AM, Jan Beulich <JBeulich@suse.com> wrote:

> Ping?
>
> >>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
> > Add checks similar to those done by Linux: The DRHD address must not
> > be all zeros or all ones (Linux only checks for zero), and capabilities
> > as well as extended capabilities must not be all ones.
> >
> > Signed-off-by: Jan Beulich <jbeulich@suse.com>
> >
>

Looks OK to me, FWIW

You can add
Reviewed-by: Ben Guthro <benjamin.guthro@citrix.com>



> > --- a/xen/drivers/passthrough/vtd/dmar.c
> > +++ b/xen/drivers/passthrough/vtd/dmar.c
> > @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
> >      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
> >          return ret;
> >
> > +    if ( !drhd->address || !(drhd->address + 1) )
> > +        return -ENODEV;
> > +
> >      dmaru = xzalloc(struct acpi_drhd_unit);
> >      if ( !dmaru )
> >          return -ENOMEM;
> > --- a/xen/drivers/passthrough/vtd/iommu.c
> > +++ b/xen/drivers/passthrough/vtd/iommu.c
> > @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
> >          dprintk(VTDPREFIX,
> >                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap,
> iommu->ecap);
> >      }
> > +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> > +        return -ENODEV;
> > +
> >      if ( cap_fault_reg_offset(iommu->cap) +
> >           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >=
> PAGE_SIZE
> > ||
> >           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>
>

[-- Attachment #1.2: Type: text/html, Size: 2418 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
  2013-08-05 13:06 ` Ping: " Jan Beulich
  2013-08-05 13:10   ` Ben Guthro
@ 2013-08-05 14:55   ` Andrew Cooper
  1 sibling, 0 replies; 5+ messages in thread
From: Andrew Cooper @ 2013-08-05 14:55 UTC (permalink / raw)
  To: Jan Beulich; +Cc: Ben Guthro, xiantao.zhang, xen-devel

On 05/08/13 14:06, Jan Beulich wrote:
> Ping?
>
>>>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
>> Add checks similar to those done by Linux: The DRHD address must not
>> be all zeros or all ones (Linux only checks for zero), and capabilities
>> as well as extended capabilities must not be all ones.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

>>
>> --- a/xen/drivers/passthrough/vtd/dmar.c
>> +++ b/xen/drivers/passthrough/vtd/dmar.c
>> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>>          return ret;
>>  
>> +    if ( !drhd->address || !(drhd->address + 1) )
>> +        return -ENODEV;
>> +
>>      dmaru = xzalloc(struct acpi_drhd_unit);
>>      if ( !dmaru )
>>          return -ENOMEM;
>> --- a/xen/drivers/passthrough/vtd/iommu.c
>> +++ b/xen/drivers/passthrough/vtd/iommu.c
>> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>>          dprintk(VTDPREFIX,
>>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
>>      }
>> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
>> +        return -ENODEV;
>> +
>>      if ( cap_fault_reg_offset(iommu->cap) +
>>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE 
>> ||
>>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-08-05 14:55 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
2013-07-10 11:32 ` Ben Guthro
2013-08-05 13:06 ` Ping: " Jan Beulich
2013-08-05 13:10   ` Ben Guthro
2013-08-05 14:55   ` Andrew Cooper

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.