From mboxrd@z Thu Jan 1 00:00:00 1970 From: Weidong Han Subject: Re: [PATCH] VT-d: improve RMRR validity checking Date: Thu, 21 Jan 2010 18:19:16 +0800 Message-ID: <4B582A24.5040701@intel.com> References: <60E426D47DE8EA47AA104E65008A100D14458756F3@shzsmsx501.ccr.corp.intel.com> <4B580F8C.5090807@jp.fujitsu.com> <60E426D47DE8EA47AA104E65008A100D14458759D3@shzsmsx501.ccr.corp.intel.com> <4B582665.300@jp.fujitsu.com> <4B582789.8070907@jp.fujitsu.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4B582789.8070907@jp.fujitsu.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Noboru Iwamatsu Cc: "xen-devel@lists.xensource.com" List-Id: xen-devel@lists.xenproject.org Noboru Iwamatsu wrote: > > So, I think RMRR that has no-existent device is valid. > > Sorry this is typo. > I mean: > So, I think RMRR that has no-existent device is "invalid" > and whole RMRR should be ignored. > looks reasonable. Keir, I Acks Noboru's rmrr patch. Or do you want us to merge them to one patch? Regards, Weidong > Noboru. > > >> Hi, >> >> After registered invalid DRHDs, Xen hangs in boot time. >> >> About RMRR, I understood the logic. >> In my mainboard, unfortunately, RMRR has non-existent device under >> its scope, and to make matters worse, the RMRR range is invalid. >> So, I think RMRR that has no-existent device is valid. >> >> How do you think about these? >> >> >>> Hi Noboru, >>> >>> You should not ignore DRHD even if devices under its scope are not pci >>> discoverable. For the sake of security, we still enable these DRHDs >>> but don't set any context mappings. In that case, any DMA that comes >>> from these "supposedly disabled" devices will get blocked by VT-d, and >>> hence avoid any security vulnerability with malicious s/w re-enabling >>> these devices. >>> >>> You RMRR validity fixing is wrong. My RMRR patch is no problem. Pls >>> note that the RMRR checking logic is: >>> If all devices under RMRR's scope are not pci discoverable >>> Ignore the RMRR >>> Else if base_address> end_address >>> Return error >>> Else >>> Register RMRR >>> >>> Regards, >>> Weidong >>> >>> >>> -----Original Message----- >>> From: Noboru Iwamatsu [mailto:n_iwamatsu@jp.fujitsu.com] >>> Sent: Thursday, January 21, 2010 4:26 PM >>> To: Han, Weidong >>> Cc: xen-devel@lists.xensource.com; keir.fraser@eu.citrix.com >>> Subject: Re: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking >>> >>> Hi, >>> >>> Some Q35 mainboard that has buggy BIOS, I have one of this, reports >>> invalid DRHD in addition to the invalid RMRR. >>> >>> Attached patch fixes this DRHD issue in the same way as RMRR. >>> And also, I fixed RMRR validity checking loop. >>> >>> Noboru. >>> >>> Signed-off-by: Noboru Iwamatsu >>> >>> >>> -------- Original Message -------- >>> Subject: [Xen-devel] [PATCH] VT-d: improve RMRR validity checking >>> From: Han, Weidong >>> To: xen-devel@lists.xensource.com >>> Date: Thu Jan 21 2010 11:46:12 GMT+0900 >>> >>> >>>> Currently, Xen checks RMRR range and disables VT-d if RMRR range is >>>> set incorrectly in BIOS rigorously. But, actually we can ignore the >>>> RMRR if the device under its scope are not pci discoverable, because >>>> the RMRR won't be used by non-existed or disabled devices. >>>> >>>> This patch ignores the RMRR if the device under its scope are not pci >>>> discoverable, and only checks the validity of RMRRs that are actually >>>> used. In order to avoid duplicate pci device detection code, this >>>> patch defines a function pci_device_detect for it. >>>> >>>> Signed-off-by: Weidong Han >>>> >>>> >>>> >>>> _______________________________________________ >>>> Xen-devel mailing list >>>> Xen-devel@lists.xensource.com >>>> http://lists.xensource.com/xen-devel >>>> >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel >> > > >