From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: Ping: [PATCH] VT-d: protect against bogus information coming from BIOS Date: Mon, 05 Aug 2013 14:06:51 +0100 Message-ID: <51FFBF8B02000078000E94AC@nat28.tlf.novell.com> References: <51DD52EF02000078000E3CDE@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <51DD52EF02000078000E3CDE@nat28.tlf.novell.com> Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xiantao.zhang@intel.com Cc: Ben Guthro , xen-devel List-Id: xen-devel@lists.xenproject.org Ping? >>> On 10.07.13 at 12:26, "Jan Beulich" wrote: > Add checks similar to those done by Linux: The DRHD address must not > be all zeros or all ones (Linux only checks for zero), and capabilities > as well as extended capabilities must not be all ones. > > Signed-off-by: Jan Beulich > > --- a/xen/drivers/passthrough/vtd/dmar.c > +++ b/xen/drivers/passthrough/vtd/dmar.c > @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea > if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 ) > return ret; > > + if ( !drhd->address || !(drhd->address + 1) ) > + return -ENODEV; > + > dmaru = xzalloc(struct acpi_drhd_unit); > if ( !dmaru ) > return -ENOMEM; > --- a/xen/drivers/passthrough/vtd/iommu.c > +++ b/xen/drivers/passthrough/vtd/iommu.c > @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_ > dprintk(VTDPREFIX, > "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap); > } > + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) ) > + return -ENODEV; > + > if ( cap_fault_reg_offset(iommu->cap) + > cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE > || > ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )