From patchwork Fri Mar 25 13:48:51 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shannon Zhao <shannon.zhao@linaro.org>
X-Patchwork-Id: 8671661
Return-Path: <xen-devel-bounces@lists.xen.org>
X-Original-To: patchwork-xen-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 39EDE9F36E
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 25 Mar 2016 13:51:51 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 652BC2034A
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 25 Mar 2016 13:51:50 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id E6192202E9
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Fri, 25 Mar 2016 13:51:48 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1ajS8I-0002GP-Uw; Fri, 25 Mar 2016 13:50:34 +0000
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <shannon.zhao@linaro.org>) id 1ajS8G-0002Dj-Si
	for xen-devel@lists.xen.org; Fri, 25 Mar 2016 13:50:32 +0000
Received: from [85.158.139.211] by server-15.bemta-5.messagelabs.com id
	25/10-06546-82245F65; Fri, 25 Mar 2016 13:50:32 +0000
X-Env-Sender: shannon.zhao@linaro.org
X-Msg-Ref: server-7.tower-206.messagelabs.com!1458913830!31155223!1
X-Originating-IP: [209.85.220.52]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 8.11; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 41389 invoked from network); 25 Mar 2016 13:50:31 -0000
Received: from mail-pa0-f52.google.com (HELO mail-pa0-f52.google.com)
	(209.85.220.52)
	by server-7.tower-206.messagelabs.com with AES128-GCM-SHA256
	encrypted SMTP; 25 Mar 2016 13:50:31 -0000
Received: by mail-pa0-f52.google.com with SMTP id tt10so47136346pab.3
	for <xen-devel@lists.xen.org>; Fri, 25 Mar 2016 06:50:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=XDoO9PY+1K5K4MW6G/MnBhdifAwkkxBANp0s4YpNhNs=;
	b=HmM8NSxKLS3gdKQkzhNScuhn7zSD53APsm40lITGFqndIqCeKz2yldQWztZJ2h517J
	oMoOW/VsmpzXWcazMg9pzh35MMQrkMyM7gul6TczmWsz7uh/KejLxDQfdEPOIisBw4ly
	1ovw7T51RBMzmI00iq8LVDGkrwJmmjcqtyx2U=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=XDoO9PY+1K5K4MW6G/MnBhdifAwkkxBANp0s4YpNhNs=;
	b=fJxxIBGTS514MyPLJAxYAUlEOvfZLZVKbYkHPcM0CNuDxRtsihtk8JFxf1vhWKvISu
	1KfH/k/zur5rBnWgnNRJwEIoRhpToiaKnF5DHGrGKuQl8gPDoFn23WNlAY8et7Mw5gLw
	lVBxZZvb4OTWYw0tvwsCCCJQMK+XgFug9oLUKn8i+LdRb2yZyk3vsTh11v1X64wK6RNR
	Sd+ieYozyWFXZdT+lA+K+svmRFQCVNqJQQUCKfCZfHPzmazye89cgZCw3NyzLJL4G4pA
	MeGQI9DXGcOVRagEANe4Hn54ZmDkcB1uPEeEd854r5j9D3brXYuR950/GdYfDdmF4q6Q
	K0PA==
X-Gm-Message-State: 
 AD7BkJLePKgQrEeQ9f9UOrpnr/wR+cjwXuuUPjB4OpSeECBLbrzBFTWpd/DoyHEtU14q+aDV
X-Received: by 10.66.62.131 with SMTP id y3mr21389339par.58.1458913830234;
	Fri, 25 Mar 2016 06:50:30 -0700 (PDT)
Received: from localhost.localdomain ([45.56.152.2])
	by smtp.gmail.com with ESMTPSA id
	w20sm16744178pfi.31.2016.03.25.06.50.25
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 25 Mar 2016 06:50:29 -0700 (PDT)
From: Shannon Zhao <shannon.zhao@linaro.org>
To: xen-devel@lists.xen.org
Date: Fri, 25 Mar 2016 21:48:51 +0800
Message-Id: <1458913735-2678-19-git-send-email-shannon.zhao@linaro.org>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1458913735-2678-1-git-send-email-shannon.zhao@linaro.org>
References: <1458913735-2678-1-git-send-email-shannon.zhao@linaro.org>
Cc: julien.grall@arm.com, shannon.zhao@linaro.org,
	stefano.stabellini@citrix.com, peter.huangpeng@huawei.com,
	zhaoshenglong@huawei.com
Subject: [Xen-devel] [PATCH v7 18/22] arm/acpi: Permit MMIO access of Xen
	unused devices for Dom0
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED, T_DKIM_INVALID,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Firstly it permits full MMIO capabilities for Dom0. Then deny MMIO
access of Xen used devices, such as UART, GIC, SMMU. Currently, it only
denies the MMIO access of UART and GIC regions. For other Xen used
devices it could be added later when they are supported.

Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Julien Grall <julien.grall@arm.com>
---
 xen/arch/arm/domain_build.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 28b85e5..f004d92 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -1359,6 +1359,38 @@ static int prepare_dtb(struct domain *d, struct kernel_info *kinfo)
 #ifdef CONFIG_ACPI
 #define ACPI_DOM0_FDT_MIN_SIZE 4096
 
+static int acpi_iomem_deny_access(struct domain *d)
+{
+    acpi_status status;
+    struct acpi_table_spcr *spcr = NULL;
+    unsigned long gfn;
+    int rc;
+
+    /* Firstly permit full MMIO capabilities. */
+    rc = iomem_permit_access(d, 0UL, ~0UL);
+    if ( rc )
+        return rc;
+
+    /* TODO: Deny MMIO access for SMMU, GIC ITS */
+    status = acpi_get_table(ACPI_SIG_SPCR, 0,
+                            (struct acpi_table_header **)&spcr);
+
+    if ( ACPI_FAILURE(status) )
+    {
+        printk("Failed to get SPCR table\n");
+        return -EINVAL;
+    }
+
+    gfn = spcr->serial_port.address >> PAGE_SHIFT;
+    /* Deny MMIO access for UART */
+    rc = iomem_deny_access(d, gfn, gfn + 1);
+    if ( rc )
+        return rc;
+
+    /* Deny MMIO access for GIC regions */
+    return gic_iomem_deny_access(d);
+}
+
 static int acpi_permit_spi_access(struct domain *d)
 {
     int i, res;
@@ -1919,6 +1951,10 @@ static int prepare_acpi(struct domain *d, struct kernel_info *kinfo)
     if ( rc != 0 )
         return rc;
 
+    rc = acpi_iomem_deny_access(d);
+    if ( rc != 0 )
+        return rc;
+
     return 0;
 }
 #else