[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking



Hi Noboru,

You should not ignore DRHD even if devices under its scope are not pci 
discoverable. For the sake of security, we still enable these DRHDs but don't 
set any context mappings. In that case, any DMA that comes from these 
"supposedly disabled" devices will get blocked by VT-d, and hence avoid any 
security vulnerability with malicious s/w re-enabling these devices. 

You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls note that 
the RMRR checking logic is:
        If all devices under RMRR's scope are not pci discoverable
                Ignore the RMRR
        Else if base_address > end_address
                Return error
        Else
                Register RMRR

Regards,
Weidong
                

-----Original Message-----
From: Noboru Iwamatsu [mailto:n_iwamatsu@xxxxxxxxxxxxxx] 
Sent: Thursday, January 21, 2010 4:26 PM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; keir.fraser@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Hi,

Some Q35 mainboard that has buggy BIOS, I have one of this, reports invalid 
DRHD in addition to the invalid RMRR.

Attached patch fixes this DRHD issue in the same way as RMRR.
And also, I fixed RMRR validity checking loop.

Noboru.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>


-------- Original Message  --------
Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Han, Weidong <weidong.han@xxxxxxxxx>
To: xen-devel@xxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Thu Jan 21 2010 11:46:12 GMT+0900

> Currently, Xen checks RMRR range and disables VT-d if RMRR range is set 
> incorrectly in BIOS rigorously. But, actually we can ignore the RMRR if the 
> device under its scope are not pci discoverable, because the RMRR won't be 
> used by non-existed or disabled devices.
>
> This patch ignores the RMRR if the device under its scope are not pci 
> discoverable, and only checks the validity of RMRRs that are actually used. 
> In order to avoid duplicate pci device detection code, this patch defines a 
> function pci_device_detect for it.
>
> Signed-off-by: Weidong Han<weidong.han@xxxxxxxxx>
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.