|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v7 17/22] arm/gic: Add a new callback to deny Dom0 access to GIC regions
On Fri, 25 Mar 2016, Shannon Zhao wrote:
> Add a new member in gic_hw_operations which is used to deny Dom0 access
> to GIC regions.
>
> Signed-off-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
> v7: move them out of CONFIG_ACPI
> ---
> xen/arch/arm/gic-v2.c | 27 +++++++++++++++++++++++++++
> xen/arch/arm/gic-v3.c | 41 +++++++++++++++++++++++++++++++++++++++++
> xen/arch/arm/gic.c | 5 +++++
> xen/include/asm-arm/gic.h | 3 +++
> 4 files changed, 76 insertions(+)
>
> diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
> index 38e3216..450755f 100644
> --- a/xen/arch/arm/gic-v2.c
> +++ b/xen/arch/arm/gic-v2.c
> @@ -22,6 +22,7 @@
> #include <xen/init.h>
> #include <xen/mm.h>
> #include <xen/irq.h>
> +#include <xen/iocap.h>
> #include <xen/sched.h>
> #include <xen/errno.h>
> #include <xen/softirq.h>
> @@ -684,6 +685,31 @@ static void __init gicv2_dt_init(void)
> csize, vsize);
> }
>
> +static int gicv2_iomem_deny_access(const struct domain *d)
> +{
> + int rc;
> + unsigned long gfn, nr;
> +
> + gfn = dbase >> PAGE_SHIFT;
> + rc = iomem_deny_access(d, gfn, gfn + 1);
> + if ( rc )
> + return rc;
> +
> + gfn = hbase >> PAGE_SHIFT;
> + rc = iomem_deny_access(d, gfn, gfn + 1);
> + if ( rc )
> + return rc;
> +
> + gfn = cbase >> PAGE_SHIFT;
> + nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> + rc = iomem_deny_access(d, gfn, gfn + nr);
> + if ( rc )
> + return rc;
> +
> + gfn = vbase >> PAGE_SHIFT;
> + return iomem_deny_access(d, gfn, gfn + nr);
> +}
> +
> #ifdef CONFIG_ACPI
> static int gicv2_make_hwdom_madt(const struct domain *d, u32 offset)
> {
> @@ -910,6 +936,7 @@ const static struct gic_hw_operations gicv2_ops = {
> .read_apr = gicv2_read_apr,
> .make_hwdom_dt_node = gicv2_make_hwdom_dt_node,
> .make_hwdom_madt = gicv2_make_hwdom_madt,
> + .iomem_deny_access = gicv2_iomem_deny_access,
> };
>
> /* Set up the GIC */
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 52ee23c..a095064 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -27,6 +27,7 @@
> #include <xen/cpu.h>
> #include <xen/mm.h>
> #include <xen/irq.h>
> +#include <xen/iocap.h>
> #include <xen/sched.h>
> #include <xen/errno.h>
> #include <xen/delay.h>
> @@ -1235,6 +1236,45 @@ static void __init gicv3_dt_init(void)
> &vbase, &vsize);
> }
>
> +static int gicv3_iomem_deny_access(const struct domain *d)
> +{
> + int rc, i;
> + unsigned long gfn, nr;
> +
> + gfn = dbase >> PAGE_SHIFT;
> + nr = DIV_ROUND_UP(SZ_64K, PAGE_SIZE);
> + rc = iomem_deny_access(d, gfn, gfn + nr);
> + if ( rc )
> + return rc;
> +
> + for ( i = 0; i < gicv3.rdist_count; i++ )
> + {
> + gfn = gicv3.rdist_regions[i].base >> PAGE_SHIFT;
> + nr = DIV_ROUND_UP(gicv3.rdist_regions[i].size, PAGE_SIZE);
> + rc = iomem_deny_access(d, gfn, gfn + nr);
> + if ( rc )
> + return rc;
> + }
> +
> + if ( cbase != INVALID_PADDR )
> + {
> + gfn = cbase >> PAGE_SHIFT;
> + nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> + rc = iomem_deny_access(d, gfn, gfn + nr);
> + if ( rc )
> + return rc;
> + }
> +
> + if ( vbase != INVALID_PADDR )
> + {
> + gfn = vbase >> PAGE_SHIFT;
> + nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> + return iomem_deny_access(d, gfn, gfn + nr);
> + }
> +
> + return 0;
> +}
> +
> #ifdef CONFIG_ACPI
> static int gicv3_make_hwdom_madt(const struct domain *d, u32 offset)
> {
> @@ -1530,6 +1570,7 @@ static const struct gic_hw_operations gicv3_ops = {
> .secondary_init = gicv3_secondary_cpu_init,
> .make_hwdom_dt_node = gicv3_make_hwdom_dt_node,
> .make_hwdom_madt = gicv3_make_hwdom_madt,
> + .iomem_deny_access = gicv3_iomem_deny_access,
> };
>
> static int __init gicv3_dt_preinit(struct dt_device_node *node, const void
> *data)
> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> index b3c1eb3..2bfe4de 100644
> --- a/xen/arch/arm/gic.c
> +++ b/xen/arch/arm/gic.c
> @@ -744,6 +744,11 @@ int gic_make_hwdom_madt(const struct domain *d, u32
> offset)
> return gic_hw_ops->make_hwdom_madt(d, offset);
> }
>
> +int gic_iomem_deny_access(const struct domain *d)
> +{
> + return gic_hw_ops->iomem_deny_access(d);
> +}
> +
> /*
> * Local variables:
> * mode: C
> diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
> index 8130136..cd97bb2 100644
> --- a/xen/include/asm-arm/gic.h
> +++ b/xen/include/asm-arm/gic.h
> @@ -360,6 +360,8 @@ struct gic_hw_operations {
> const struct dt_device_node *gic, void *fdt);
> /* Create MADT table for the hardware domain */
> int (*make_hwdom_madt)(const struct domain *d, u32 offset);
> + /* Deny access to GIC regions */
> + int (*iomem_deny_access)(const struct domain *d);
> };
>
> void register_gic_ops(const struct gic_hw_operations *ops);
> @@ -367,6 +369,7 @@ int gic_make_hwdom_dt_node(const struct domain *d,
> const struct dt_device_node *gic,
> void *fdt);
> int gic_make_hwdom_madt(const struct domain *d, u32 offset);
> +int gic_iomem_deny_access(const struct domain *d);
>
> #endif /* __ASSEMBLY__ */
> #endif
> --
> 2.1.4
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |