From: Weidong Han <weidong.han@intel.com>
To: Jan Beulich <JBeulich@novell.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
	Keir Fraser <keir.fraser@eu.citrix.com>,
	"Cui, Dexuan" <dexuan.cui@intel.com>
Subject: Re: Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Date: Thu, 25 Mar 2010 17:21:12 +0800
Message-ID: <4BAB2B08.9010201@intel.com>
In-Reply-To: <4BAB37E80200007800036DB1@vpn.id2.novell.com>

[-- Attachment #1: Type: text/plain, Size: 486 bytes --]

Jan Beulich wrote:
>>>> Weidong Han <weidong.han@intel.com> 25.03.10 10:05 >>>
>>>>         
>> Ok. Updated the patch according to your suggestion. Thanks.
>>     
>
> Looks good to me, and I would ack it if I didn't (sorry, only now)
> notice that it can't be against -unstable: The patch seems to be
> against code which doesn't have an ACPI_DMAR_RHSA case in
> acpi_parse_dmar(). Quite odd...
>
> Jan
>   

Sorry, I didn't copy it completely. Attached it. Thanks.

Regards,
Weidong


[-- Attachment #2: dmar-length-check.patch --]
[-- Type: text/plain, Size: 2693 bytes --]

diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c	Thu Mar 25 01:05:03 2010 +0800
+++ b/xen/drivers/passthrough/vtd/dmar.c	Fri Mar 26 01:59:55 2010 +0800
@@ -659,26 +659,71 @@ static int __init acpi_parse_dmar(struct
     while ( ((unsigned long)entry_header) <
             (((unsigned long)dmar) + table->length) )
     {
+        if ( entry_header->length < sizeof(struct acpi_dmar_entry_header) )
+        {
+            dprintk(XENLOG_ERR VTDPREFIX,
+                    "Invalid ACPI DMAR entry length: 0x%x\n",
+                    entry_header->length);
+            ret = -EINVAL;
+            break;
+        }
+
         switch ( entry_header->type )
         {
         case ACPI_DMAR_DRHD:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_DRHD:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_drhd) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_drhd(entry_header);
             break;
         case ACPI_DMAR_RMRR:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_RMRR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_rmrr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_rmrr(entry_header);
             break;
         case ACPI_DMAR_ATSR:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_ATSR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_atsr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_atsr(entry_header);
             break;
         case ACPI_DMAR_RHSA:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_RHSA:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_rhsa) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_rhsa(entry_header);
             break;
         default:
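
Review bot: the length checks added in this loop enforce only a lower bound, so an entry whose entry_header->length runs past ((unsigned long)dmar) + table->length is still handed to the acpi_parse_one_*() helpers. The while condition only tests that the start of entry_header lies inside the table, which also means the new read of entry_header->length at the top of the loop can itself touch bytes beyond the table when fewer than sizeof(struct acpi_dmar_entry_header) bytes remain. Consider one more check at the top of the loop that rejects the entry with -EINVAL when the remaining bytes are fewer than the header size or fewer than entry_header->length. Two smaller points: the break in the first check leaves the while loop, while the break inside each case only leaves the switch, so the per-type checks depend on code after the switch (not visible in this hunk) to stop iterating on a non-zero ret; and the per-type message "  Invalid length: 0x%x\n" does not name the structure type, which is lost whenever iommu_verbose is off because the "found ACPI_DMAR_..." line is not printed. Including the type in the error message would keep the log usable on a non-verbose boot.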
