Xen project Mailing List

Re: [Xen-devel] [PATCH RFC 1/4] x86/dom0: prevent access to MMCFG areas for PVH Dom0

To: "Roger Pau Monné" <roger.pau@xxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Mon, 03 Jul 2017 01:06:04 -0600

Cc: andrew.cooper3@xxxxxxxxxx, boris.ostrovsky@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 03 Jul 2017 07:06:19 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 30.06.17 at 17:33, <roger.pau@xxxxxxxxxx> wrote: > On Fri, Jun 30, 2017 at 05:27:06AM -0600, Jan Beulich wrote: >> >>> Roger Pau Monne <roger.pau@xxxxxxxxxx> 04/24/17 1:52 PM >>> >> >--- a/xen/arch/x86/dom0_build.c >> >+++ b/xen/arch/x86/dom0_build.c >> >@@ -18,6 +18,8 @@ >> >#include <asm/p2m.h> >> >#include <asm/setup.h> >> > >> >+#include "x86_64/mmconfig.h" >> >> Not just but also because of this I'd prefer if this was taken care of in the >> MMCFG code itself, also covering ranges which are being added post- >> boot. Presumably in/from pci_mmcfg_arch_{en,dis}able(). > > The problem with this approach is that at the point in the boot where > pci_mmcfg_arch_enable gets called (from acpi_mmcfg_init) the domain > has not yet been created, so it's not possible to call > iomem_deny_access, and in any case the iomem ranges are initialized in > dom0_setup_permissions, so that would get overwritten. I understand that; a new helper function would be needed. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.