|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Jan Beulich wrote: Re-checked the code. You're right. Updated the patch to check with sizeof(struct acpi_table_XXX).it cannot check entry_header->length < sizeof(struct acpi_table_XXX), which is not the actual size in acpi table.Weidong Han <weidong.han@xxxxxxxxx> 24.03.10 10:02 >>>I don't follow here: Minimally checking against sizeof(struct acpi_dmar_entry_header) should be possible. But I can't even see why checking for sizeof(struct acpi_table_XXX) in the individual case statements can't be done. Jan Idea-by: Jan Beulich <jbeulich@xxxxxxxxxx <mailto:jbeulich@xxxxxxxxxx>> Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx> diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c --- a/xen/drivers/passthrough/vtd/dmar.c Thu Mar 25 01:05:03 2010 +0800 +++ b/xen/drivers/passthrough/vtd/dmar.c Thu Mar 25 03:53:21 2010 +0800 @@ -659,6 +659,23 @@ static int __init acpi_parse_dmar(struct while ( ((unsigned long)entry_header) < (((unsigned long)dmar) + table->length) ) { + /* + * entry_header length should not smaller than size of + * any acpi dmar structures. also avoid endless looping + * when the lenght is 0 on some bad BIOSs + */ + if ( entry_header->length < sizeof(struct acpi_table_drhd) && + entry_header->length < sizeof(struct acpi_table_rmrr) && + entry_header->length < sizeof(struct acpi_table_atsr) && + entry_header->length < sizeof(struct acpi_table_rhsa) ) + { + dprintk(XENLOG_WARNING VTDPREFIX, + "Invalid entry_header length: 0x%x\n", + entry_header->length); + ret = -EINVAL; + break; + } + switch ( entry_header->type ) { case ACPI_DMAR_DRHD: _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |