From: Weidong Han <weidong.han@intel.com>
To: Jan Beulich <JBeulich@novell.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>,
Keir Fraser <keir.fraser@eu.citrix.com>,
"Cui, Dexuan" <dexuan.cui@intel.com>
Subject: Re: Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Date: Wed, 24 Mar 2010 19:00:17 +0800
Message-ID: <4BA9F0C1.7080809@intel.com>
In-Reply-To: <4BA9ED8D0200007800036B3F@vpn.id2.novell.com>

Jan Beulich wrote:
>>>> Weidong Han <weidong.han@intel.com> 24.03.10 10:02 >>>
>>>>
>> it cannot check entry_header->length < sizeof(struct acpi_table_XXX),
>> which is not the actual size in acpi table.
>>
>
> I don't follow here: Minimally checking against
> sizeof(struct acpi_dmar_entry_header) should be possible. But I can't
> even see why checking for sizeof(struct acpi_table_XXX) in the
> individual case statements can't be done.
>
> Jan
>
Re-checked the code. You're right. Updated the patch to check with
sizeof(struct acpi_table_XXX).
Idea-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Weidong Han <weidong.han@intel.com>
diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c Thu Mar 25 01:05:03 2010 +0800
+++ b/xen/drivers/passthrough/vtd/dmar.c Thu Mar 25 03:53:21 2010 +0800
@@ -659,6 +659,23 @@ static int __init acpi_parse_dmar(struct
while ( ((unsigned long)entry_header) <
(((unsigned long)dmar) + table->length) )
{
+ /*
+ * entry_header length should not smaller than size of
+ * any acpi dmar structures. also avoid endless looping
+ * when the lenght is 0 on some bad BIOSs
+ */
+ if ( entry_header->length < sizeof(struct acpi_table_drhd) &&
+ entry_header->length < sizeof(struct acpi_table_rmrr) &&
+ entry_header->length < sizeof(struct acpi_table_atsr) &&
+ entry_header->length < sizeof(struct acpi_table_rhsa) )
+ {
+ dprintk(XENLOG_WARNING VTDPREFIX,
+ "Invalid entry_header length: 0x%x\n",
+ entry_header->length);
+ ret = -EINVAL;
+ break;
+ }
+
switch ( entry_header->type )
{
case ACPI_DMAR_DRHD:
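
Review bot: The new if joins the four size comparisons with &&, so an entry is rejected only when its length is below the smallest of the four structures; a DRHD entry shorter than sizeof(struct acpi_table_drhd) but at least as long as the smallest structure still reaches the switch. Consider checking entry_header->length < sizeof(struct acpi_dmar_entry_header) at this point, which also covers the zero-length endless-loop case, and comparing against the matching sizeof(struct acpi_table_XXX) inside each case, as suggested in the quoted reply. The loop condition only bounds the start of the entry against dmar + table->length; nothing in the visible lines verifies that entry_header plus entry_header->length stays inside the table, so an oversized length deserves the same -EINVAL path. The comment also needs a wording pass ("should not smaller", "lenght").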