[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/3] x86: don't allow Dom0 access to the MSI address range



On Wed, Aug 21, 2013 at 07:36:58AM +0100, Jan Beulich wrote:
> In particular, MMIO assignments should not be done using this area.

And just to make sure there are no regressions - have you tested
this with an upstream dom0 kernel to make sure it does not blow things up?

Or at least if it does blow up - are there any WARN or BUG to help
in coming up with a patch?
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> --- a/xen/arch/x86/domain_build.c
> +++ b/xen/arch/x86/domain_build.c
> @@ -1122,6 +1122,10 @@ int __init construct_dom0(
>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) )
>              rc |= iomem_deny_access(dom0, mfn, mfn);
>      }
> +    /* MSI range. */
> +    rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO),
> +                            paddr_to_pfn(MSI_ADDR_BASE_LO +
> +                                         MSI_ADDR_DEST_ID_MASK));
>  
>      /* Remove access to E820_UNUSABLE I/O regions above 1MB. */
>      for ( i = 0; i < e820.nr_map; i++ )
> 
> 
> 

> x86: don't allow Dom0 access to the MSI address range
> 
> In particular, MMIO assignments should not be done using this area.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> 
> --- a/xen/arch/x86/domain_build.c
> +++ b/xen/arch/x86/domain_build.c
> @@ -1122,6 +1122,10 @@ int __init construct_dom0(
>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) )
>              rc |= iomem_deny_access(dom0, mfn, mfn);
>      }
> +    /* MSI range. */
> +    rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO),
> +                            paddr_to_pfn(MSI_ADDR_BASE_LO +
> +                                         MSI_ADDR_DEST_ID_MASK));
>  
>      /* Remove access to E820_UNUSABLE I/O regions above 1MB. */
>      for ( i = 0; i < e820.nr_map; i++ )

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.