* [PATCH] VT-d: protect against bogus information coming from BIOS
@ 2013-07-10 10:26 Jan Beulich
2013-07-10 11:32 ` Ben Guthro
2013-08-05 13:06 ` Ping: " Jan Beulich
0 siblings, 2 replies; 5+ messages in thread
From: Jan Beulich @ 2013-07-10 10:26 UTC (permalink / raw)
To: xen-devel; +Cc: Ben Guthro, xiantao.zhang
[-- Attachment #1: Type: text/plain, Size: 1209 bytes --]
Add checks similar to those done by Linux: The DRHD address must not
be all zeros or all ones (Linux only checks for zero), and capabilities
as well as extended capabilities must not be all ones.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
return ret;
+ if ( !drhd->address || !(drhd->address + 1) )
+ return -ENODEV;
+
dmaru = xzalloc(struct acpi_drhd_unit);
if ( !dmaru )
return -ENOMEM;
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
dprintk(VTDPREFIX,
"cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
}
+ if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
+ return -ENODEV;
+
if ( cap_fault_reg_offset(iommu->cap) +
cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
[-- Attachment #2: VT-d-protect-broken.patch --]
[-- Type: text/plain, Size: 1263 bytes --]
VT-d: protect against bogus information coming from BIOS
Add checks similar to those done by Linux: The DRHD address must not
be all zeros or all ones (Linux only checks for zero), and capabilities
as well as extended capabilities must not be all ones.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
return ret;
+ if ( !drhd->address || !(drhd->address + 1) )
+ return -ENODEV;
+
dmaru = xzalloc(struct acpi_drhd_unit);
if ( !dmaru )
return -ENOMEM;
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
dprintk(VTDPREFIX,
"cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
}
+ if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
+ return -ENODEV;
+
if ( cap_fault_reg_offset(iommu->cap) +
cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
[-- Attachment #3: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] VT-d: protect against bogus information coming from BIOS
2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
@ 2013-07-10 11:32 ` Ben Guthro
2013-08-05 13:06 ` Ping: " Jan Beulich
1 sibling, 0 replies; 5+ messages in thread
From: Ben Guthro @ 2013-07-10 11:32 UTC (permalink / raw)
To: Jan Beulich; +Cc: xiantao.zhang, xen-devel
On Wed, Jul 10, 2013 at 6:26 AM, Jan Beulich <JBeulich@suse.com> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Ben Guthro <benjamin.guthro@citrix.com>
>
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
> if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
> return ret;
>
> + if ( !drhd->address || !(drhd->address + 1) )
> + return -ENODEV;
> +
> dmaru = xzalloc(struct acpi_drhd_unit);
> if ( !dmaru )
> return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
> dprintk(VTDPREFIX,
> "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
> }
> + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> + return -ENODEV;
> +
> if ( cap_fault_reg_offset(iommu->cap) +
> cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
> ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
2013-07-10 11:32 ` Ben Guthro
@ 2013-08-05 13:06 ` Jan Beulich
2013-08-05 13:10 ` Ben Guthro
2013-08-05 14:55 ` Andrew Cooper
1 sibling, 2 replies; 5+ messages in thread
From: Jan Beulich @ 2013-08-05 13:06 UTC (permalink / raw)
To: xiantao.zhang; +Cc: Ben Guthro, xen-devel
Ping?
>>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
> if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
> return ret;
>
> + if ( !drhd->address || !(drhd->address + 1) )
> + return -ENODEV;
> +
> dmaru = xzalloc(struct acpi_drhd_unit);
> if ( !dmaru )
> return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
> dprintk(VTDPREFIX,
> "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
> }
> + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> + return -ENODEV;
> +
> if ( cap_fault_reg_offset(iommu->cap) +
> cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE
> ||
> ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
2013-08-05 13:06 ` Ping: " Jan Beulich
@ 2013-08-05 13:10 ` Ben Guthro
2013-08-05 14:55 ` Andrew Cooper
1 sibling, 0 replies; 5+ messages in thread
From: Ben Guthro @ 2013-08-05 13:10 UTC (permalink / raw)
To: Jan Beulich; +Cc: xiantao.zhang, xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 1549 bytes --]
On Mon, Aug 5, 2013 at 9:06 AM, Jan Beulich <JBeulich@suse.com> wrote:
> Ping?
>
> >>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
> > Add checks similar to those done by Linux: The DRHD address must not
> > be all zeros or all ones (Linux only checks for zero), and capabilities
> > as well as extended capabilities must not be all ones.
> >
> > Signed-off-by: Jan Beulich <jbeulich@suse.com>
> >
>
Looks OK to me, FWIW
You can add
Reviewed-by: Ben Guthro <benjamin.guthro@citrix.com>
> > --- a/xen/drivers/passthrough/vtd/dmar.c
> > +++ b/xen/drivers/passthrough/vtd/dmar.c
> > @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
> > if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
> > return ret;
> >
> > + if ( !drhd->address || !(drhd->address + 1) )
> > + return -ENODEV;
> > +
> > dmaru = xzalloc(struct acpi_drhd_unit);
> > if ( !dmaru )
> > return -ENOMEM;
> > --- a/xen/drivers/passthrough/vtd/iommu.c
> > +++ b/xen/drivers/passthrough/vtd/iommu.c
> > @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
> > dprintk(VTDPREFIX,
> > "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap,
> iommu->ecap);
> > }
> > + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> > + return -ENODEV;
> > +
> > if ( cap_fault_reg_offset(iommu->cap) +
> > cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >=
> PAGE_SIZE
> > ||
> > ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>
>
[-- Attachment #1.2: Type: text/html, Size: 2418 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Ping: [PATCH] VT-d: protect against bogus information coming from BIOS
2013-08-05 13:06 ` Ping: " Jan Beulich
2013-08-05 13:10 ` Ben Guthro
@ 2013-08-05 14:55 ` Andrew Cooper
1 sibling, 0 replies; 5+ messages in thread
From: Andrew Cooper @ 2013-08-05 14:55 UTC (permalink / raw)
To: Jan Beulich; +Cc: Ben Guthro, xiantao.zhang, xen-devel
On 05/08/13 14:06, Jan Beulich wrote:
> Ping?
>
>>>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@suse.com> wrote:
>> Add checks similar to those done by Linux: The DRHD address must not
>> be all zeros or all ones (Linux only checks for zero), and capabilities
>> as well as extended capabilities must not be all ones.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>
>> --- a/xen/drivers/passthrough/vtd/dmar.c
>> +++ b/xen/drivers/passthrough/vtd/dmar.c
>> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>> if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>> return ret;
>>
>> + if ( !drhd->address || !(drhd->address + 1) )
>> + return -ENODEV;
>> +
>> dmaru = xzalloc(struct acpi_drhd_unit);
>> if ( !dmaru )
>> return -ENOMEM;
>> --- a/xen/drivers/passthrough/vtd/iommu.c
>> +++ b/xen/drivers/passthrough/vtd/iommu.c
>> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>> dprintk(VTDPREFIX,
>> "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
>> }
>> + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
>> + return -ENODEV;
>> +
>> if ( cap_fault_reg_offset(iommu->cap) +
>> cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE
>> ||
>> ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-08-05 14:55 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-10 10:26 [PATCH] VT-d: protect against bogus information coming from BIOS Jan Beulich
2013-07-10 11:32 ` Ben Guthro
2013-08-05 13:06 ` Ping: " Jan Beulich
2013-08-05 13:10 ` Ben Guthro
2013-08-05 14:55 ` Andrew Cooper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.