[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC 1/4] x86/dom0: prevent access to MMCFG areas for PVH Dom0

>>> On 30.06.17 at 17:33, <roger.pau@xxxxxxxxxx> wrote:
> On Fri, Jun 30, 2017 at 05:27:06AM -0600, Jan Beulich wrote:
>> >>> Roger Pau Monne <roger.pau@xxxxxxxxxx> 04/24/17 1:52 PM >>>
>> >--- a/xen/arch/x86/dom0_build.c
>> >+++ b/xen/arch/x86/dom0_build.c
>> >@@ -18,6 +18,8 @@
>>  >#include <asm/p2m.h>
>>  >#include <asm/setup.h>
>>  >
>> >+#include "x86_64/mmconfig.h"
>> Not just but also because of this I'd prefer if this was taken care of in the
>> MMCFG code itself, also covering ranges which are being added post-
>> boot. Presumably in/from pci_mmcfg_arch_{en,dis}able().
> The problem with this approach is that at the point in the boot where
> pci_mmcfg_arch_enable gets called (from acpi_mmcfg_init) the domain
> has not yet been created, so it's not possible to call
> iomem_deny_access, and in any case the iomem ranges are initialized in
> dom0_setup_permissions, so that would get overwritten.

I understand that; a new helper function would be needed.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.