[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing

To: Jan Beulich <JBeulich@xxxxxxxxxx>
From: Weidong Han <weidong.han@xxxxxxxxx>
Date: Thu, 25 Mar 2010 17:05:57 +0800
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, "Cui, Dexuan" <dexuan.cui@xxxxxxxxx>
Delivery-date: Thu, 25 Mar 2010 02:06:19 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Jan Beulich wrote:

Weidong Han <weidong.han@xxxxxxxxx> 25.03.10 01:55 >>>
Do you mean to know which case fails on length checking? How about belowpatch?


Yes, something like this. Although I'd prefer to have a general
sizeof(struct acpi_dmar_entry_header) check before the switch
statement (to avoid even looking at out of range header fields),
and "break"s instead of "goto disable"s.

Ok. Updated the patch according to your suggestion. Thanks.

diff -r a4eac162dcb9 xen/drivers/passthrough/vtd/dmar.c
--- a/xen/drivers/passthrough/vtd/dmar.c    Thu Mar 25 01:05:03 2010 +0800
+++ b/xen/drivers/passthrough/vtd/dmar.c    Fri Mar 26 01:59:55 2010 +0800
@@ -659,26 +659,71 @@ static int __init acpi_parse_dmar(struct
    while ( ((unsigned long)entry_header) <
            (((unsigned long)dmar) + table->length) )
    {
+        if ( entry_header->length < sizeof(struct acpi_dmar_entry_header) )
+        {
+            dprintk(XENLOG_ERR VTDPREFIX,
+                    "Invalid ACPI DMAR entry length: 0x%x\n",
+                    entry_header->length);
+            ret = -EINVAL;
+            break;
+        }
+
        switch ( entry_header->type )
        {
        case ACPI_DMAR_DRHD:
            if ( iommu_verbose )
                dprintk(VTDPREFIX, "found ACPI_DMAR_DRHD:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_drhd) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
            ret = acpi_parse_one_drhd(entry_header);
            break;
        case ACPI_DMAR_RMRR:
            if ( iommu_verbose )
                dprintk(VTDPREFIX, "found ACPI_DMAR_RMRR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_rmrr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
            ret = acpi_parse_one_rmrr(entry_header);
            break;
        case ACPI_DMAR_ATSR:
            if ( iommu_verbose )
                dprintk(VTDPREFIX, "found ACPI_DMAR_ATSR:\n");
+
+            if ( entry_header->length < sizeof(struct acpi_table_atsr) )
+            {
+                dprintk(XENLOG_ERR VTDPREFIX,
+                        "  Invalid length: 0x%x\n", entry_header->length);
+                ret = -EINVAL;
+                break;
+            }
+
            ret = acpi_parse_one_atsr(entry_header);
            break;
        default:


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Jan Beulich

References:
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Pasi Kärkkäinen
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Keir Fraser
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Pasi Kärkkäinen
- RE: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Cui, Dexuan
- RE: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Jan Beulich
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Weidong Han
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Jan Beulich
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Weidong Han
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Jan Beulich
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Weidong Han
- Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
  - From: Jan Beulich

Prev by Date: [Xen-devel] [PATCH] x86: s3: write_msi_msg: entry->msg should be in the compatibility format
Next by Date: Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Previous by thread: Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Next by thread: Re: [Xen-devel] Xen 4.0.0-rc7 problem/hang with vt-d DMAR parsing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.