Xen project Mailing List

Re: [PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01]

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 26 Oct 2023 15:24:44 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=o/mmP/GnLyA0cnqztq7H0FcYsONSfuIxFrqUb3Vb40c=; b=G4cJqXNqtX1CAuPGTRLC0stKbazw2RievXLloU+7dFxLqDBO+UCvzXTnFfftCZOFKt5pycU7sZLeJMsrJguDRp9/BvJLNZcSqIjQw86Fvj5flvThRj/ixcDyIkfYIIfrSlpTPxA3L8XNpJYTJmkc5N4Ol5JSqFed2W7pB3uE9IIF3vxm7AZa6toddCin+v8R0NQFgbL73rVZSUY3mlVbUGF+zTG+D+l1fDo6lpLABjsFsuJcFCvuHwRMRoCVT83j5xVb32B/N7F9SO4flT8SNxE1TZ0FBCxiqeXgUNXkox1/vGlfK4gQLT4Pvuls653cvxZVFWQYGljbSW9szHl8hw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VCx2TjLg91oRVgFDblwno5uvnhwgvYjLZv9kxCpqwh0VLCxeDt3glslhVAko9n40fRYKk2MFILPqAnfreymJR4RkjrDx3vMUruQGDx0wl7mw2TQyT4XFDPzqpBE9/GBF2x34T36JXWbKO12HTqwKE7RHGBkE9mpHDiMmc4ck9aPpQVdyWS4nVU2A3cXOV1Dr43W0mQ2ulxpYpt3xAOXyURI1w0Cd7U8I16u0CmGAC38jcIlijeyY0SVmKMSfvQQAQn03bqKqA9RPvCJk24f7gOzTSK6VCJIm3rLB3KdmnvG5sGu88Sz4ElJ5uD2xHj4a3PoB/iwPRK39N0Z6+P/mZw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Thu, 26 Oct 2023 13:25:05 +0000

Ironport-data: A9a23:C6/j76nCx5IYGD9aV0sOw1jo5gynJ0RdPkR7XQ2eYbSJt1+Wr1Gzt xIcDDuAPveDZ2KgL4p0O9nlo05S78KAzd5lTwQ5+y81RSMWpZLJC+rCIxarNUt+DCFhoGFPt JxCN4aafKjYaleG+39B55C49SEUOZmgH+e6UKicfHkpGWeIcQ954Tp7gek1n4V0ttawBgKJq LvartbWfVSowFaYCEpNg064gE0p5K+aVA8w5ARkPqkT5gGGzhH5MbpETU2PByqgKmVrNrbSq 9brlNmR4m7f9hExPdKp+p6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTbZLwXXx/mTSR9+2d/ f0W3XCGpaXFCYWX8AgVe0Ew/yiTpsSq8pefSZS0mZT7I0Er7xIAahihZa07FdRwxwp5PY1B3 cMHFT0hSy2AveSnm6+ZDc8zpJgSNOC+aevzulk4pd3YJdAPZMmbBoD1v5pf1jp2gd1SF/HDY cZfcSBocBnLfxxIPBEQFY46m+CrwHL4dlW0qnrM/fZxvzeVkVE3ieC0WDbWUoXiqcF9hEGXq 3iA523kKhobKMae2XyO9XfEaurnxHmmA9tDTO3mnhJsqEPO7VIiGT05bwC2uvmZhXadV9tZF FNBr0LCqoB3riRHVOLVXRe1vXqFtR40QMdLHqsx7wTl4rrZ5UOVC3YJShZFacc6r4kmSDoyz FiLktj1Qzt1v9W9Vna15rqS6zSoNkAowXQqYCYFSU4A/IPlqYRq1hbXFI87Seiyk8H/Hiz2z 3aSti8iir4PjMkNkaKm4VTAhDHqrZ/MJuIo2jjqsquexlsRTOaYi0aAszA3Md4owF6lc2S8

Ironport-hdrordr: A9a23:IRo3qKlpoNhRN+RIkik8SYSxN7jpDfL23DAbv31ZSRFFG/Fw8P re+cjztCWE6gr5PUtLpTnuAtjifZqxz+8P3WAxB8bFYOCFghrTEGlihbGSuwEIcheWnoU86U 4JSclD4bbLfD9HZKjBkW2F+hUbrOVvMprEuQ4T9RhQpHpRGthdBs5CZDqzFk1zSE1YCYEiFJ yaj/A32gadRQ==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Oct 26, 2023 at 11:03:42AM +0200, Jan Beulich wrote: > On 26.10.2023 10:34, Roger Pau Monné wrote: > > On Thu, May 11, 2023 at 02:06:46PM +0200, Jan Beulich wrote: > >> ... in order to also deny Dom0 access through the alias ports. Without > >> this it is only giving the impression of denying access to both PICs. > >> Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal > >> operation later on. > >> > >> Like for CMOS/RTC a fundamental assumption of the probing is that reads > >> from the probed alias port won't have side effects in case it does not > >> alias the respective PIC's one. > > > > I'm slightly concerned about this probing. > > > > Also I'm unsure we can fully isolate the hardware domain like this. > > Preventing access to the non-aliased ports is IMO helpful for domains > > to realize the PIT is not available, but in any case such accesses > > shouldn't happen in the first place, as dom0 must be modified to run > > in such mode. > > That's true for PV Dom0, but not necessarily for PVH. Plus by denying > access to the aliases we also guard against bugs in Dom0, if some > component thinks there's something else at those ports (as they > indeed were used for other purposes by various vendors). I think it would be safe to add a command line option to disable the probing, as we would at least like to avoid it in pvshim mode. Maybe ut would be interesting to make it a Kconfig option so that exclusive pvshim Kconfig can avoid all this? Otherwise it will just make booting the pvshim slower. > >> @@ -492,10 +492,17 @@ int __init dom0_setup_permissions(struct > >> > >> /* Modify I/O port access permissions. */ > >> > >> - /* Master Interrupt Controller (PIC). */ > >> - rc |= ioports_deny_access(d, 0x20, 0x21); > >> - /* Slave Interrupt Controller (PIC). */ > >> - rc |= ioports_deny_access(d, 0xA0, 0xA1); > >> + for ( offs = 0, i = pic_alias_mask & -pic_alias_mask ?: 2; > >> + offs <= pic_alias_mask; offs += i ) > > > > I'm a bit lost with this, specifically: > > > > i = pic_alias_mask & -pic_alias_mask ?: 2 > > > > Which is then used as the increment step in > > > > offs += i > > > > I could see the usage of pic_alias_mask & -pic_alias_mask in order to > > find the first offset, but afterwards don't you need to increment at > > single bit left shifts in order to test all possibly set bits in > > pic_alias_mask? > > No, the smallest sensible increment is the lowest bit set in > pic_alias_mask. There's specifically no shifting involved here (just > mentioning it because you use the word). E.g. if the aliasing was at > bits 2 and 3 (pic_alias_mask=0x0c), we'd need to deny access to 20/21, > 24/25, 28/29, and 2C/2D, i.e. at an increment of 4. Right, it took me a bit to realize. We assume that aliases are based on fused address pins, so for example we don't explicitly test for an alias at port 0x34, but expect one if there's an alias at port 0x30 and another one at port 0x24. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.