WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] VT-d: Sanity check ACPI DMAR struct lengt

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] VT-d: Sanity check ACPI DMAR struct lengths.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Mar 2010 02:35:14 -0700
Delivery-date: Thu, 25 Mar 2010 02:37:00 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1269509541 0
# Node ID f42ff98a2cdca966dbfd6b16fb763920104cd38e
# Parent  e362fab06d4231eca198874edc8a14b31125a8f1
VT-d: Sanity check ACPI DMAR struct lengths.

Signed-off-by: Weidong Han <weidong.han@xxxxxxxxx>
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
---
 xen/drivers/passthrough/vtd/dmar.c |   36 ++++++++++++++++++++++++++++++++----
 1 files changed, 32 insertions(+), 4 deletions(-)

diff -r e362fab06d42 -r f42ff98a2cdc xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c        Thu Mar 25 09:19:33 2010 +0000
+++ b/xen/drivers/passthrough/vtd/dmar.c        Thu Mar 25 09:32:21 2010 +0000
@@ -361,6 +361,17 @@ static int __init acpi_parse_dev_scope(v
     return 0;
 }
 
+static int __init acpi_dmar_check_length(
+    struct acpi_dmar_entry_header *h, unsigned int min_len)
+{
+    if ( h->length >= min_len )
+        return 0;
+    dprintk(XENLOG_ERR VTDPREFIX,
+            "Invalid ACPI DMAR entry length: 0x%x\n",
+            h->length);
+    return -EINVAL;
+}
+
 static int __init
 acpi_parse_one_drhd(struct acpi_dmar_entry_header *header)
 {
@@ -368,8 +379,11 @@ acpi_parse_one_drhd(struct acpi_dmar_ent
     void *dev_scope_start, *dev_scope_end;
     struct acpi_drhd_unit *dmaru;
     void *addr;
-    int ret = 0;
+    int ret;
     static int include_all = 0;
+
+    if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
+        return ret;
 
     dmaru = xmalloc(struct acpi_drhd_unit);
     if ( !dmaru )
@@ -470,7 +484,10 @@ acpi_parse_one_rmrr(struct acpi_dmar_ent
     struct acpi_rmrr_unit *rmrru;
     void *dev_scope_start, *dev_scope_end;
     u64 base_addr = rmrr->base_address, end_addr = rmrr->end_address;
-    int ret = 0;
+    int ret;
+
+    if ( (ret = acpi_dmar_check_length(header, sizeof(*rmrr))) != 0 )
+        return ret;
 
 #ifdef CONFIG_X86
     /* This check is here simply to detect when RMRR values are
@@ -564,9 +581,12 @@ acpi_parse_one_atsr(struct acpi_dmar_ent
 {
     struct acpi_table_atsr *atsr = (struct acpi_table_atsr *)header;
     struct acpi_atsr_unit *atsru;
-    int ret = 0;
+    int ret;
     static int all_ports;
     void *dev_scope_start, *dev_scope_end;
+
+    if ( (ret = acpi_dmar_check_length(header, sizeof(*atsr))) != 0 )
+        return ret;
 
     atsru = xmalloc(struct acpi_atsr_unit);
     if ( !atsru )
@@ -610,7 +630,10 @@ acpi_parse_one_rhsa(struct acpi_dmar_ent
 {
     struct acpi_table_rhsa *rhsa = (struct acpi_table_rhsa *)header;
     struct acpi_rhsa_unit *rhsau;
-    int ret = 0;
+    int ret;
+
+    if ( (ret = acpi_dmar_check_length(header, sizeof(*rhsa))) != 0 )
+        return ret;
 
     rhsau = xmalloc(struct acpi_rhsa_unit);
     if ( !rhsau )
@@ -659,6 +682,11 @@ static int __init acpi_parse_dmar(struct
     while ( ((unsigned long)entry_header) <
             (((unsigned long)dmar) + table->length) )
     {
+        ret = acpi_dmar_check_length(
+            entry_header, sizeof(struct acpi_dmar_entry_header));
+        if ( ret )
+            break;
+
         switch ( entry_header->type )
         {
         case ACPI_DMAR_DRHD:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] VT-d: Sanity check ACPI DMAR struct lengths., Xen patchbot-unstable <=