[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86: guard against port I/O overlapping the RTC/CMOS range

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 20 Jul 2020 15:22:19 +0200
  • Authentication-results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Delivery-date: Mon, 20 Jul 2020 13:22:38 +0000
  • Ironport-sdr: JSc1KxCDMqwgE350jYVkc/thdFnuFjAul1kIhutLHrFGFEDANkexuSOA36gQXjddgIDy0KW4Qf XcmQzqw6iz0blI6b0dZYR3gxZK5HcOdY1G0FbNBP/7jEUqfz0vv3J5SEfXWZKFq8ytyhYpeh8t ha8iTqLjkQ0hC9Y/7omqNNQ+cwlvQ2p/4xgkpSBIcWFBkCVdlkUqGDXlywxgrDr0psZtvmzCpA raNj+4vvEpmOGoK+M0SAgXwQsgnhzrWNk047SNaw3GW8PFX8TKaHmmpTVk9yB/Hds1mGe6Qnl8 uAE=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Jul 20, 2020 at 01:58:40PM +0200, Jan Beulich wrote:
> On 20.07.2020 12:52, Roger Pau Monné wrote:
> > On Fri, Jul 17, 2020 at 03:10:43PM +0200, Jan Beulich wrote:
> >> Since we intercept RTC/CMOS port accesses, let's do so consistently in
> >> all cases, i.e. also for e.g. a dword access to [006E,0071]. To avoid
> >> the risk of unintended impact on Dom0 code actually doing so (despite
> >> the belief that none ought to exist), also extend
> >> guest_io_{read,write}() to decompose accesses where some ports are
> >> allowed to be directly accessed and some aren't.
> > 
> > Wouldn't the same apply to displaced accesses to port 0xcf8?
> 
> No, CF8 is special - partial accesses have no meaning as to the
> index selection for subsequent CFC accesses. Or else CF9
> couldn't be a standalone port with entirely different
> functionality..

Right:

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

See below.

> >> @@ -373,25 +384,31 @@ static int read_io(unsigned int port, un
> >>      return X86EMUL_OKAY;
> >>  }
> >>  
> >> +static void _guest_io_write(unsigned int port, unsigned int bytes,
> >> +                            uint32_t data)
> > 
> > There's nothing guest specific about this function I think? If so you
> > could drop the _guest_ prefix and just name it io_write?
> 
> Hmm, when choosing the name I decided that (a) it's a helper of
> the other function and (b) it's still guest driven data that we
> output.

Well, the fact that it's guest driven data shouldn't matter much,
because there are no guest-specific checks in the function anyway - it
might as well be used for non-guest driven data AFAICT? (even if it's
not the case ATM).

It's likely that if I have to change code here in the future I will
drop such prefix, but the change is correct regardless of the naming,
so I'm not going to insist.

> >> +{
> >> +    switch ( bytes )
> >> +    {
> >> +    case 1:
> >> +        outb((uint8_t)data, port);
> >> +        if ( amd_acpi_c1e_quirk )
> >> +            amd_check_disable_c1e(port, (uint8_t)data);
> >> +        break;
> >> +    case 2:
> >> +        outw((uint16_t)data, port);
> >> +        break;
> >> +    case 4:
> >> +        outl(data, port);
> >> +        break;
> >> +    }
> > 
> > Newlines after break statements would be nice, and maybe add a
> > default: ASSERT_UNREACHABLE() case to be on the safe side?
> 
> Well, yes, I guess I should. But then if I edit this moved code,
> I guess I'll also get rid of the stray casts.

Was going to also ask for that, but I assumed there might we some
value in making the truncations explicit here. Feel free to drop those
also if you end up making the above adjustments.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.