WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing

from [Weidong Han] [Permanent Link][Original]
To: Jan Beulich <JBeulich@xxxxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
From: Weidong Han <weidong.han@xxxxxxxxx>
Date: Thu, 25 Mar 2010 17:21:12 +0800
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx>
Delivery-date: Thu, 25 Mar 2010 02:23:43 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4BAB37E80200007800036DB1@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20100323193748.GW1878@xxxxxxxxxxx> <C7CECCF9.E36E%keir.fraser@xxxxxxxxxxxxx> <20100323200515.GZ1878@xxxxxxxxxxx> <ED3036A092A28F4C91B0B4360DD128EABE03D6BC@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <4BA9DA400200007800036ABB@xxxxxxxxxxxxxxxxxx> <4BA9D512.9090902@xxxxxxxxx> <4BA9ED8D0200007800036B3F@xxxxxxxxxxxxxxxxxx> <4BA9F0C1.7080809@xxxxxxxxx> <4BAA01560200007800036B9B@xxxxxxxxxxxxxxxxxx> <4BAAB488.3020007@xxxxxxxxx> <4BAB304A0200007800036D8B@xxxxxxxxxxxxxxxxxx> <4BAB2775.5010208@xxxxxxxxx> <4BAB37E80200007800036DB1@xxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.21 (Windows/20090302) 
Jan Beulich wrote:

Weidong Han <weidong.han@xxxxxxxxx> 25.03.10 10:05 >>>

Ok. Updated the patch according to your suggestion. Thanks.


Looks good to me, and I would ack it if I didn't (sorry, only now)
notice that it can't be against -unstable: The patch seems to be
against code which doesn't have an ACPI_DMAR_RHSA case in
acpi_parse_dmar(). Quite odd...

Jan


Sorry, I didn't copy it completely. Attached it. Thanks.

Regards,
Weidong


diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c        Thu Mar 25 01:05:03 2010 +0800
+++ b/xen/drivers/passthrough/vtd/dmar.c        Fri Mar 26 01:59:55 2010 +0800
@@ -659,26 +659,71 @@ static int __init acpi_parse_dmar(struct
     while ( ((unsigned long)entry_header) <
             (((unsigned long)dmar) + table->length) )
     {
+        if ( entry_header->length < sizeof(struct acpi_dmar_entry_header) )
+        {
+            dprintk(XENLOG_ERR VTDPREFIX,
+                    "Invalid ACPI DMAR entry length: 0x%x\n",
+                    entry_header->length);
+            ret = -EINVAL;
+            break;
+        }
+
         switch ( entry_header->type )
         {
         case ACPI_DMAR_DRHD:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_DRHD:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_drhd) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_drhd(entry_header);
             break;
         case ACPI_DMAR_RMRR:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_RMRR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_rmrr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_rmrr(entry_header);
             break;
         case ACPI_DMAR_ATSR:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_ATSR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_atsr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_atsr(entry_header);
             break;
         case ACPI_DMAR_RHSA:
             if ( iommu_verbose )
                 dprintk(VTDPREFIX, "found ACPI_DMAR_RHSA:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_rhsa) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
             ret = acpi_parse_one_rhsa(entry_header);
             break;
         default:

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] linux: allow pv scsi hba driver to be loaded automatically, Jan Beulich
Next by Date:  Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing, Jan Beulich
Previous by Thread:  Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing, Jan Beulich
Next by Thread:  Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy