Xen project Mailing List

[Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Mon, 2 Sep 2019 13:30:34 +0200

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@xxxxxxxxxx; spf=Pass smtp.mailfrom=roger.pau@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>

Delivery-date: Mon, 02 Sep 2019 11:31:06 +0000

Ironport-sdr: quvEcpl2OtjP5hNP/0Buy+YzHjBhLU+6B1wCdeiPj7RdzD21KEDynDV20dsOu4MkeqzE/ejIfm 76BomTIbdaW5emplpnm9RbXC20IRakPowchI44MIFVyran5pksmS7zOzblhSl9bzRhvmFHUdqi S72ic6TQfksuZaaPF0YhmsieK6TD3g5mGAFfXmvTd+duvfD+AzAuVbJtMkdbQ+vwX8o7tOWzkC e+VF0reRLoBbqqFXbhwA+eFhWycfGbcqzeS0QtGn5edY6i44QD64cFbMfX93EG18w7t5Y04KMV PRU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Don't allow the hardware domain to access the PCI config space of devices not assigned to it. Ie: the config space of iommu devices in use by Xen should not be accessible to the hardware domain. Note that access from the hardware domain to config space regions where Xen hasn't detected any devices is still allowed. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- xen/drivers/vpci/vpci.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 758d9420e7..761aa40f99 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -319,7 +319,21 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, unsigned int size) /* Find the PCI dev matching the address. */ pdev = pci_get_pdev_by_domain(d, sbdf.seg, sbdf.bus, sbdf.devfn); if ( !pdev ) + { + pcidevs_lock(); + pdev = pci_get_pdev(sbdf.seg, sbdf.bus, sbdf.devfn); + pcidevs_unlock(); + if ( pdev ) + /* Drop reads to devices not assigned to the domain. */ + return data; + + /* + * Let the hardware domain access config space regions for non-existent + * devices. + * TODO: revisit for domU support. + */ return vpci_read_hw(sbdf, reg, size); + } spin_lock(&pdev->vpci->lock); @@ -418,13 +432,22 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, return; } - /* - * Find the PCI dev matching the address. - * Passthrough everything that's not trapped. - */ + /* Find the PCI dev matching the address. */ pdev = pci_get_pdev_by_domain(d, sbdf.seg, sbdf.bus, sbdf.devfn); if ( !pdev ) { + pcidevs_lock(); + pdev = pci_get_pdev(sbdf.seg, sbdf.bus, sbdf.devfn); + pcidevs_unlock(); + if ( pdev ) + /* Ignore writes to devices not assigned to the domain. */ + return; + + /* + * Let the hardware domain access config space regions for non-existent + * devices. + * TODO: revisit for domU support. + */ vpci_write_hw(sbdf, reg, size, data); return; } -- 2.22.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.