|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Ping #2: [PATCH] VT-d: protect against bogus information coming from BIOS
The first ping was sent over a week ago, and I'll assume silent agreement if I won't hear back otherwise in a day or two. (I would, btw, have wanted this to also go into 4.2.3 and 4.1.6, but likely it's going to be too late now for this, and thus for the 4.1 branch altogether.) Jan >>> On 10.07.13 at 12:26, "Jan Beulich" <JBeulich@xxxxxxxx> wrote: > Add checks similar to those done by Linux: The DRHD address must not > be all zeros or all ones (Linux only checks for zero), and capabilities > as well as extended capabilities must not be all ones. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > --- a/xen/drivers/passthrough/vtd/dmar.c > +++ b/xen/drivers/passthrough/vtd/dmar.c > @@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea > if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 ) > return ret; > > + if ( !drhd->address || !(drhd->address + 1) ) > + return -ENODEV; > + > dmaru = xzalloc(struct acpi_drhd_unit); > if ( !dmaru ) > return -ENOMEM; > --- a/xen/drivers/passthrough/vtd/iommu.c > +++ b/xen/drivers/passthrough/vtd/iommu.c > @@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_ > dprintk(VTDPREFIX, > "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, > iommu->ecap); > } > + if ( !(iommu->cap + 1) || !(iommu->ecap + 1) ) > + return -ENODEV; > + > if ( cap_fault_reg_offset(iommu->cap) + > cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE > || > ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE ) _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |