RE: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
Hi Noboru,

You should not ignore DRHD even if devices under its scope are not pci discoverable. For the sake of security, we still enable these DRHDs but don't set any context mappings. In that case, any DMA that comes from these "supposedly disabled" devices will get blocked by VT-d, and hence avoid any security vulnerability with malicious s/w re-enabling these devices.

Your RMRR validity fixing is wrong. My RMRR patch is no problem. Pls note that the RMRR checking logic is:

    If all devices under RMRR's scope are not pci discoverable
        Ignore the RMRR
    Else if base_address > end_address
        Return error
    Else
        Register RMRR

Regards,
Weidong

-----Original Message-----
From: Noboru Iwamatsu [mailto:n_iwamatsu@xxxxxxxxxxxxxx]
Sent: Thursday, January 21, 2010 4:26 PM
To: Han, Weidong
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx; keir.fraser@xxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking

Hi,

Some Q35 mainboards with a buggy BIOS (I have one of these) report an invalid DRHD in addition to the invalid RMRR. The attached patch fixes this DRHD issue in the same way as RMRR. I also fixed the RMRR validity checking loop.

Noboru.

Signed-off-by: Noboru Iwamatsu <n_iwamatsu@xxxxxxxxxxxxxx>

-------- Original Message --------
Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
From: Han, Weidong <weidong.han@xxxxxxxxx>
To: xen-devel@xxxxxxxxxxxxxxxxxxx <xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Thu Jan 21 2010 11:46:12 GMT+0900

> Currently, Xen checks RMRR range and disables VT-d if RMRR range is set
> incorrectly in BIOS rigorously. But, actually we can ignore the RMRR if the
> devices under its scope are not pci discoverable, because the RMRR won't be
> used by non-existent or disabled devices.
>
> This patch ignores the RMRR if the devices under its scope are not pci
> discoverable, and only checks the validity of RMRRs that are actually used.
> In order to avoid duplicate pci device detection code, this patch defines a
> function pci_device_detect for it.
>
> Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
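
The RMRR checking order given in the reply above, as an added example that is not part of the thread or of Xen's source. The structures, the device table, the addresses and `mock_device_detect` are constructed for illustration; the helper only stands in for the detection function the patch description mentions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Constructed model, not Xen source. */
struct scope_dev { uint8_t bus, dev, func; };
struct rmrr {
    uint64_t base, end;             /* region reported by the BIOS */
    const struct scope_dev *scope;  /* devices the region is reserved for */
    size_t nr;
};
enum rmrr_result { RMRR_IGNORED, RMRR_ERROR, RMRR_REGISTERED };
/* Constructed sample platform: only 00:1d.0 answers config-space reads. */
static const struct scope_dev present[] = { { 0x00, 0x1d, 0 } };

/* Hypothetical stand-in for the detection helper the patch introduces. */
static bool mock_device_detect(const struct scope_dev *d)
{
    for (size_t i = 0; i < sizeof(present) / sizeof(present[0]); i++)
        if (present[i].bus == d->bus && present[i].dev == d->dev &&
            present[i].func == d->func)
            return true;
    return false;
}

/* The range is validated only for RMRRs that some present device can use. */
enum rmrr_result check_rmrr(const struct rmrr *r)
{
    bool any_present = false;
    for (size_t i = 0; i < r->nr; i++)
        any_present |= mock_device_detect(&r->scope[i]);
    if (!any_present)
        return RMRR_IGNORED;     /* no discoverable device in scope */
    if (r->base > r->end)
        return RMRR_ERROR;       /* a present device depends on a bad range */
    return RMRR_REGISTERED;
}

/* Constructed sample RMRRs (addresses are made up). */
static const struct scope_dev gone[]  = { { 0x00, 0x1a, 0 } };
static const struct scope_dev mixed[] = { { 0x00, 0x1a, 0 }, { 0x00, 0x1d, 0 } };
const struct rmrr bad_unused = { 0xdf000, 0xd0000, gone, 1 };
const struct rmrr bad_used   = { 0xdf000, 0xd0000, mixed, 2 };
const struct rmrr good_used  = { 0xd0000, 0xdffff, mixed, 2 };

int main(void)
{
    return !(check_rmrr(&bad_unused) == RMRR_IGNORED &&
             check_rmrr(&bad_used) == RMRR_ERROR &&
             check_rmrr(&good_used) == RMRR_REGISTERED);
}
```

The mixed-scope case is the one to watch: a single discoverable device in the scope is enough to make an inverted range an error rather than something to skip.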