Xen project Mailing List

Re: [PATCH v5] x86: detect CMOS aliasing on ports other than 0x70/0x71

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Mon, 3 Apr 2023 13:44:05 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GDY6ZPt2ogBpnfv4hBUOFEYDGrLLJXxL+TTEDteGKw4=; b=dv3e76jrtr1xVHetxmjX8DlIhGNK8TEGARIPlLpGxw1dHh0UQ3/oq/fFPBtm6CyCyeVT/UZKVxDP4hJiwGgeO9vfXtph62CrlsmdbwxSBSMkT/K7vnJokg9gkBQA8Z/J18QKt+2N3lZZwrtxb/DEvcfqcd+Y8bD5OViSy3nvoySB11oMd+iVpiGEZC9uQf2ma4gy9uBp8iWr5f3TtmGu9p1pZiKs5sSKWojucshehCliMykNipCOlU7rElvR+alAdgmRAB+diwF7gDZz79UXjJ8Yq0bBptDIWVvHxj4Ux5Lz8+hnQ7sZA3ismA1DGAFt4BnLG5HCVJel/vwUEIIbMg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iFhXLTVEItfp1DLIYa3L9wwHl7QAUQCDsB8GSi+fKpdlfxMzoWWVuxfEWobem8+CWWzocq3YxWoZHOIIkAg3tv0/LB7Et4Sk6C7JaYFDY8aia+jahxueXmCI2MFR+kKE5rtvRa0UF7afZf7/PchYbUNkCPjyc3guIbGHjjY2mzarnVHVaZI/mtK9BkvY7xQyr1fMUx9I/RPXunFJcBgg91BTFB3sh6DDdqEHfawZnhUay38IwNGpKQe9IjhS8RROBUCujrOzYDLBin7Mcs5VO9Ax+jRYHrWvJcBOxMxEUHAkELZ2wIhi413kHgowlNBQxZet9bWCO4Km+Fp0hunzeA==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Mon, 03 Apr 2023 11:44:41 +0000

Ironport-data: A9a23:mlhrX61UOZVmlorjE/bD5eZwkn2cJEfYwER7XKvMYLTBsI5bpzcAy DNMC22AbKuPMWXzKYh1b47i8RsOvJSAyYJhTAJppC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK6ULWeUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS+HuDgNyo4GlD5gBmPqgS1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfC0IQ6 eQSIhUxMB3dib6d3qKmWtJwv5F2RCXrFNt3VnBI6xj8VaxjeraaBqLA6JlfwSs6gd1IEbDGf c0FZDFzbRPGJRpSJlMQD5F4l+Ct7pX9W2QA9BTJ+uxqvC6Pk2Sd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iv03L6XwX2nBOr+EpXgq8ZLuwS/m1ZKI14WfFXghKeGrlSHDoc3x 0s8v3BGQbIJ3E6hQ8T5Xha4iGWZpRNaUN1Ve8Uq5QfIxqfK7gKxAmkfUiUHeNEgrNUxRzEhy hmOhdyBLSRmrbm9WX+bsLCOoluaJiw9PWIEIygeQmM4D8LLpYgyilfUSI9lGavt1NntQ2msn HaNsTQ0gKgVgYgTzaKn8FvbgjWq4J/UUgoy4QaRVWWghu9kWLOYi0WTwQCzxZ59wEyxFzFtY FBsdxCi0d0z

Ironport-hdrordr: A9a23:jWwQvKnUYeSkO4uI1OiHpmkKk+XpDfLo3DAbv31ZSRFFG/Fw9/ rCoB17726QtN91YhsdcL+7V5VoLUmzyXcX2/hyAV7BZmnbUQKTRekP0WKL+Vbd8kbFh41gPM lbEpSXCLfLfCJHZcSR2njELz73quP3jJxBho3lvghQpRkBUdAF0+/gYDzranGfQmN9dP0EPa vZ3OVrjRy6d08aa8yqb0N1JNQq97Xw5fTbiQdtPW9f1DWz

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Apr 03, 2023 at 01:26:41PM +0200, Jan Beulich wrote: > On 03.04.2023 13:09, Roger Pau Monné wrote: > > On Thu, Mar 30, 2023 at 12:40:38PM +0200, Jan Beulich wrote: > >> ... in order to also intercept Dom0 accesses through the alias ports. > >> > >> Also stop intercepting accesses to the CMOS ports if we won't ourselves > >> use the CMOS RTC, because of there being none. > > > > So it's fine for dom0 to switch off NMIs if Xen isn't using the RTC? > > Seems like a weird side-effect of Xen not using the RTC (seeing as we > > would otherwise mask bit 8 from dom0 RTC accesses). > > I haven't been able to find documentation on this single bit in the > absence of RTC / CMOS. > > > Also I'm worried that when Xen doesn't intercept RTC ports accesses > > from dom0 could be interrupted for example by the vCPU being scheduled > > out, so a vCPU might perform a write to the index port, and be > > scheduled out, leaving the RTC in an undefined state. > > I did specifically add "because of there being none" to the sentence > to clarify in which case we avoid intercepting. Oh, right, sorry for the fuzz, I didn't parse that last bit of the sentence. I'm fine with the current wording then. > >> +bool is_cmos_port(unsigned int port, unsigned int bytes, const struct > >> domain *d) > >> +{ > >> + unsigned int offs; > >> + > >> + if ( !is_hardware_domain(d) || > >> + !(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_CMOS_RTC) ) > >> + return port <= RTC_PORT(1) && port + bytes > RTC_PORT(0); > >> + > >> + if ( acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_CMOS_RTC ) > >> + return false; > >> + > >> + for ( offs = 2; offs <= cmos_alias_mask; offs <<= 1 ) > >> + { > >> + if ( !(offs & cmos_alias_mask) ) > >> + continue; > >> + if ( port <= RTC_PORT(offs | 1) && port + bytes > RTC_PORT(offs) ) > >> + return true; > >> + } > > > > Maybe I'm confused, but doesn't this loop start at RTC_PORT(2), and > > hence you need to check for the RTC_PORT(0,1) pair outside of the > > loop? > > The loop starts at offset 2, yes, but see the initial if() in the > function. Or at least I thought I got that right, but it looks like > I didn't (failed attempt to try to address a specific request of > yours, iirc). Hm, doesn't that first if() cause that on all systems with an RTC only PORTS(0,1) are allowed? > >> @@ -1256,23 +1330,25 @@ unsigned int rtc_guest_read(unsigned int > >> unsigned long flags; > >> unsigned int data = ~0; > >> > >> - switch ( port ) > >> + switch ( port & ~cmos_alias_mask ) > > > > Given that the call is gated with is_cmos_port() it would be clearer > > to just use RTC_PORT(1) as the mask here IMO. > > Hmm, personally I wouldn't consider RTC_PORT(1) to be reasonable to > use as a mask (even if technically it would be okay). OK, never mind then. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.