From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ben Guthro <ben@guthro.net>
Subject: Re: [PATCH] VT-d: protect against bogus information
	coming from BIOS
Date: Wed, 10 Jul 2013 07:32:34 -0400
Message-ID: <CAOvdn6WwWGpdSu6UfZ+YcisdCJgsJVmWPHCAK-UC45wjqyre+Q@mail.gmail.com>
References: <51DD52EF02000078000E3CDE@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <51DD52EF02000078000E3CDE@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: xiantao.zhang@intel.com, xen-devel <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

On Wed, Jul 10, 2013 at 6:26 AM, Jan Beulich <JBeulich@suse.com> wrote:
> Add checks similar to those done by Linux: The DRHD address must not
> be all zeros or all ones (Linux only checks for zero), and capabilities
> as well as extended capabilities must not be all ones.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Ben Guthro <benjamin.guthro@citrix.com>

>
> --- a/xen/drivers/passthrough/vtd/dmar.c
> +++ b/xen/drivers/passthrough/vtd/dmar.c
> @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
>      if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
>          return ret;
>
> +    if ( !drhd->address || !(drhd->address + 1) )
> +        return -ENODEV;
> +
>      dmaru = xzalloc(struct acpi_drhd_unit);
>      if ( !dmaru )
>          return -ENOMEM;
> --- a/xen/drivers/passthrough/vtd/iommu.c
> +++ b/xen/drivers/passthrough/vtd/iommu.c
> @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
>          dprintk(VTDPREFIX,
>                  "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
>      }
> +    if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
> +        return -ENODEV;
> +
>      if ( cap_fault_reg_offset(iommu->cap) +
>           cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
>           ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
>
>
>