From: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
To: weidong.han@intel.com
Cc: xen-devel@lists.xensource.com
Subject: Re: [PATCH] VT-d: improve RMRR validity checking
Date: Thu, 21 Jan 2010 19:03:17 +0900 [thread overview]
Message-ID: <4B582665.300@jp.fujitsu.com> (raw)
In-Reply-To: <60E426D47DE8EA47AA104E65008A100D14458759D3@shzsmsx501.ccr.corp.intel.com>
Hi,
After registered invalid DRHDs, Xen hangs in boot time.
About RMRR, I understood the logic.
In my mainboard, unfortunately, RMRR has non-existent device under
its scope, and to make matters worse, the RMRR range is invalid.
So, I think RMRR that has no-existent device is valid.
How do you think about these?
> Hi Noboru,
>
> You should not ignore DRHD even if devices under its scope are not pci discoverable. For the sake of security, we still enable these DRHDs but don't set any context mappings. In that case, any DMA that comes from these "supposedly disabled" devices will get blocked by VT-d, and hence avoid any security vulnerability with malicious s/w re-enabling these devices.
>
> You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls note that the RMRR checking logic is:
> If all devices under RMRR's scope are not pci discoverable
> Ignore the RMRR
> Else if base_address> end_address
> Return error
> Else
> Register RMRR
>
> Regards,
> Weidong
>
>
> -----Original Message-----
> From: Noboru Iwamatsu [mailto:n_iwamatsu@jp.fujitsu.com]
> Sent: Thursday, January 21, 2010 4:26 PM
> To: Han, Weidong
> Cc: xen-devel@lists.xensource.com; keir.fraser@eu.citrix.com
> Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
>
> Hi,
>
> Some Q35 mainboard that has buggy BIOS, I have one of this, reports invalid DRHD in addition to the invalid RMRR.
>
> Attached patch fixes this DRHD issue in the same way as RMRR.
> And also, I fixed RMRR validity checking loop.
>
> Noboru.
>
> Signed-off-by: Noboru Iwamatsu<n_iwamatsu@jp.fujitsu.com>
>
>
> -------- Original Message --------
> Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking
> From: Han, Weidong<weidong.han@intel.com>
> To: xen-devel@lists.xensource.com<xen-devel@lists.xensource.com>
> Date: Thu Jan 21 2010 11:46:12 GMT+0900
>
>> Currently, Xen checks RMRR range and disables VT-d if RMRR range is set incorrectly in BIOS rigorously. But, actually we can ignore the RMRR if the device under its scope are not pci discoverable, because the RMRR won't be used by non-existed or disabled devices.
>>
>> This patch ignores the RMRR if the device under its scope are not pci discoverable, and only checks the validity of RMRRs that are actually used. In order to avoid duplicate pci device detection code, this patch defines a function pci_device_detect for it.
>>
>> Signed-off-by: Weidong Han<weidong.han@intel.com>
>>
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
next prev parent reply other threads:[~2010-01-21 10:03 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-21 2:46 [PATCH] VT-d: improve RMRR validity checking Han, Weidong
2010-01-21 8:25 ` Noboru Iwamatsu
2010-01-21 8:38 ` Han, Weidong
2010-01-21 10:03 ` Noboru Iwamatsu [this message]
2010-01-21 10:08 ` Noboru Iwamatsu
2010-01-21 10:19 ` Weidong Han
2010-01-21 10:27 ` Keir Fraser
2010-01-21 10:49 ` Weidong Han
2010-01-21 12:19 ` Noboru Iwamatsu
2010-01-21 12:46 ` Weidong Han
2010-01-21 14:01 ` Keir Fraser
2010-01-21 14:17 ` Sander Eikelenboom
2010-01-21 14:33 ` Keir Fraser
2010-01-22 2:12 ` Weidong Han
2010-01-22 2:38 ` Noboru Iwamatsu
2010-01-22 2:53 ` Weidong Han
2010-01-22 3:16 ` Noboru Iwamatsu
2010-01-22 8:47 ` Weidong Han
2010-01-22 9:19 ` Sander Eikelenboom
2010-01-22 12:15 ` Weidong Han
2010-01-22 12:32 ` Pasi Kärkkäinen
2010-01-23 12:40 ` Weidong Han
2010-01-23 13:08 ` Pasi Kärkkäinen
2010-01-23 14:33 ` Sander Eikelenboom
2010-01-23 14:54 ` [PATCH] VT-d: improve RMRR validity checking, documenting boot options Pasi Kärkkäinen
2010-01-25 16:40 ` Stephen Spector
2010-01-25 16:58 ` Documentation Xen-hypervisor and Dom0 xen-related boot options (was Re: [PATCH] VT-d: improve RMRR validity checking, documenting boot options) Sander Eikelenboom
2010-01-25 20:56 ` Stephen Spector
2010-01-27 11:33 ` Pasi Kärkkäinen
2010-01-25 7:06 ` [PATCH] VT-d: improve RMRR validity checking Noboru Iwamatsu
2010-01-25 7:56 ` Weidong Han
2010-01-25 9:02 ` Sander Eikelenboom
2010-01-25 9:11 ` Weidong Han
2010-01-25 9:22 ` Noboru Iwamatsu
2010-01-25 10:08 ` Weidong Han
2010-01-25 10:45 ` Sander Eikelenboom
2010-01-25 13:43 ` Keir Fraser
2010-01-25 13:57 ` Christian Tramnitz
2010-01-25 14:10 ` Weidong Han
2010-01-26 1:16 ` Noboru Iwamatsu
2010-01-26 5:51 ` Weidong Han
2010-01-26 6:38 ` Noboru Iwamatsu
2010-01-26 6:42 ` Weidong Han
2010-01-25 14:12 ` Weidong Han
2010-01-25 14:13 ` Han, Weidong
2010-03-09 21:39 ` Alex Williamson
2010-03-09 21:30 ` Konrad Rzeszutek Wilk
2010-03-09 21:57 ` Alex Williamson
2010-03-09 22:22 ` Konrad Rzeszutek Wilk
2010-03-09 23:05 ` Alex Williamson
2010-03-09 23:25 ` Alex Williamson
2010-03-10 2:13 ` Alex Williamson
2010-03-10 2:40 ` Weidong Han
2010-03-10 3:18 ` Alex Williamson
2010-03-10 3:28 ` Weidong Han
2010-03-10 3:37 ` Alex Williamson
2010-03-10 4:25 ` Weidong Han
2010-03-10 4:47 ` Alex Williamson
2010-03-10 7:03 ` Weidong Han
2010-03-10 13:56 ` Alex Williamson
2010-03-10 18:06 ` Alex Williamson
2010-03-11 2:11 ` Weidong Han
2010-03-11 2:32 ` Alex Williamson
2010-03-11 3:44 ` Weidong Han
2010-03-11 4:52 ` Alex Williamson
2010-03-11 8:30 ` Weidong Han
2010-01-21 15:28 ` Andrew Lyon
2010-01-21 15:04 ` Keir Fraser
2010-01-22 1:35 ` Noboru Iwamatsu
2010-01-21 10:13 ` Weidong Han
2010-01-21 12:09 ` Noboru Iwamatsu
2010-01-21 12:38 ` Weidong Han
2010-01-22 0:23 ` Noboru Iwamatsu
2010-01-21 8:45 ` Andrew Lyon
2010-01-21 10:03 ` Weidong Han
2010-01-21 9:15 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B582665.300@jp.fujitsu.com \
--to=n_iwamatsu@jp.fujitsu.com \
--cc=weidong.han@intel.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).