
[Xen-devel] [PATCH v5 3/3] xen: block access to IO port 0xcf9



This port is used by PM1a and should not be accessed directly by Dom0. This
also permits trapping 2 and 4 byte accesses to 0xcf8, which need to be
handled by the hypervisor.

Also, since admin_io_okay is now a wrapper around ioports_access_permitted
remove it.

Signed-off-by: Roger Pau Monnà <roger.pau@xxxxxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 xen/arch/x86/domain_build.c |  2 ++
 xen/arch/x86/traps.c        | 23 ++++-------------------
 2 files changed, 6 insertions(+), 19 deletions(-)

diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
index 2a23746..ecc872d 100644
--- a/xen/arch/x86/domain_build.c
+++ b/xen/arch/x86/domain_build.c
@@ -1551,6 +1551,8 @@ int __init construct_dom0(
     rc |= ioports_deny_access(d, 0xcfc, 0xcff);
     /* Never permit direct access to the RTC/CMOS registers. */
     rc |= ioports_deny_access(d, RTC_PORT(0), RTC_PORT(1));
+    /* PM1a */
+    rc |= ioports_deny_access(d, 0xcf9, 0xcf9);
     /* Command-line I/O ranges. */
     process_dom0_ioports_disable(d);
 
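Review bot: The new comment `/* PM1a */` above the 0xcf9 deny does not say why the port is blocked, nor that the 0xcf8 handling in traps.c now depends on this line. With admin_io_okay removed, a 2- or 4-byte access starting at 0xcf8 is refused only because its range covers 0xcf9, so dropping or narrowing this deny later would silently let Dom0 reach CONFIG_ADDRESS directly. I would spell that out, e.g. `/* 0xcf9: no direct Dom0 access; this also makes 2/4-byte accesses at 0xcf8 fail the range check and trap. */`. It may also be worth confirming the PM1a label, since 0xcf9 is usually documented as the chipset reset control register. construct_dom0 begins and ends outside the hunk.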
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 0b0c5e9..8d2bbb2 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1753,21 +1753,6 @@ static int guest_io_okay(
     return 0;
 }
 
-/* Has the administrator granted sufficient permission for this I/O access? */
-static int admin_io_okay(
-    unsigned int port, unsigned int bytes,
-    struct vcpu *v, struct cpu_user_regs *regs)
-{
-    /*
-     * Port 0xcf8 (CONFIG_ADDRESS) is only visible for DWORD accesses.
-     * We never permit direct access to that register.
-     */
-    if ( (port == 0xcf8) && (bytes == 4) )
-        return 0;
-
-    return ioports_access_permitted(v->domain, port, port + bytes - 1);
-}
-
 static int pci_cfg_ok(struct domain *d, int write, int size)
 {
     uint32_t machine_bdf;
@@ -1809,7 +1794,7 @@ uint32_t guest_io_read(
     uint32_t data = 0;
     unsigned int shift = 0;
 
-    if ( admin_io_okay(port, bytes, v, regs) )
+    if ( ioports_access_permitted(v->domain, port, port + bytes - 1) )
     {
         switch ( bytes )
         {
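Review bot: The check in guest_io_read no longer rejects the dword access to 0xcf8 unconditionally; it is refused only when the domain's I/O port rangeset excludes some port in 0xcf8-0xcfb. The 0xcf9 deny is added in construct_dom0 only, so a domain whose ports are granted through another path (not visible in this patch) with a range covering 0xcf8-0xcfb would presumably get direct access to CONFIG_ADDRESS, which the removed admin_io_okay prevented for every domain. The same replacement is made in guest_io_write and at the exec_in and exec_out labels of emulate_privileged_op. Either keep the invariant explicit at these call sites or document it there, e.g. `/* Relies on 0xcf9 being denied so that 2/4-byte accesses at 0xcf8 are never passed through. */`. guest_io_read continues outside the hunk.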
@@ -1873,7 +1858,7 @@ void guest_io_write(
     unsigned int port, unsigned int bytes, uint32_t data,
     struct vcpu *v, struct cpu_user_regs *regs)
 {
-    if ( admin_io_okay(port, bytes, v, regs) )
+    if ( ioports_access_permitted(v->domain, port, port + bytes - 1) )
     {
         switch ( bytes ) {
         case 1:
@@ -2224,7 +2209,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
     exec_in:
         if ( !guest_io_okay(port, op_bytes, v, regs) )
             goto fail;
-        if ( admin_io_okay(port, op_bytes, v, regs) )
+        if ( ioports_access_permitted(v->domain, port, port + op_bytes - 1) )
         {
             mark_regs_dirty(regs);
             io_emul(regs);            
@@ -2254,7 +2239,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
     exec_out:
         if ( !guest_io_okay(port, op_bytes, v, regs) )
             goto fail;
-        if ( admin_io_okay(port, op_bytes, v, regs) )
+        if ( ioports_access_permitted(v->domain, port, port + op_bytes - 1) )
         {
             mark_regs_dirty(regs);
             io_emul(regs);            
-- 
1.9.5 (Apple Git-50.3)

