From patchwork Fri Jul 29 16:28:57 2016
X-Patchwork-Submitter: Roger Pau Monné
X-Patchwork-Id: 9252691
From: Roger Pau Monne
Date: Fri, 29 Jul 2016 18:28:57 +0200
Message-ID: <1469809747-11176-3-git-send-email-roger.pau@citrix.com>
In-Reply-To: <1469809747-11176-1-git-send-email-roger.pau@citrix.com>
References: <1469809747-11176-1-git-send-email-roger.pau@citrix.com>
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monne
Subject: [Xen-devel] [PATCH RFC 02/12] xen/x86: split the setup of Dom0 permissions to a function

So that it can also be used by the PVH-specific domain builder. This is just code motion, it should not introduce any functional change.

Signed-off-by: Roger Pau Monné
---
Cc: Jan Beulich
Cc: Andrew Cooper
---
 xen/arch/x86/domain_build.c | 164 +++++++++++++++++++++++---------------------
 1 file changed, 86 insertions(+), 78 deletions(-)

diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c index d7d4afc..09d79be 100644 --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c 
@@ -869,6 +869,89 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, unmap_domain_page(l4start); } +static int __init setup_permissions(struct domain *d) +{ + unsigned long mfn; + int i, rc = 0; + + /* The hardware domain is initially permitted full I/O capabilities. */ + rc |= ioports_permit_access(d, 0, 0xFFFF); + rc |= iomem_permit_access(d, 0UL, (1UL << (paddr_bits - PAGE_SHIFT)) - 1); + rc |= irqs_permit_access(d, 1, nr_irqs_gsi - 1); + + /* + * Modify I/O port access permissions. + */ + /* Master Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0x20, 0x21); + /* Slave Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0xA0, 0xA1); + /* Interval Timer (PIT). */ + rc |= ioports_deny_access(d, 0x40, 0x43); + /* PIT Channel 2 / PC Speaker Control. */ + rc |= ioports_deny_access(d, 0x61, 0x61); + /* ACPI PM Timer. */ + if ( pmtmr_ioport ) + rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); + /* PCI configuration space (NB. 0xcf8 has special treatment). */ + rc |= ioports_deny_access(d, 0xcfc, 0xcff); + /* Command-line I/O ranges. */ + process_dom0_ioports_disable(d); + + /* + * Modify I/O memory access permissions. + */ + /* Local APIC. */ + if ( mp_lapic_addr != 0 ) + { + mfn = paddr_to_pfn(mp_lapic_addr); + rc |= iomem_deny_access(d, mfn, mfn); + } + /* I/O APICs. */ + for ( i = 0; i < nr_ioapics; i++ ) + { + mfn = paddr_to_pfn(mp_ioapics[i].mpc_apicaddr); + if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) + rc |= iomem_deny_access(d, mfn, mfn); + } + /* MSI range. */ + rc |= iomem_deny_access(d, paddr_to_pfn(MSI_ADDR_BASE_LO), + paddr_to_pfn(MSI_ADDR_BASE_LO + + MSI_ADDR_DEST_ID_MASK)); + /* HyperTransport range. */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) + rc |= iomem_deny_access(d, paddr_to_pfn(0xfdULL << 32), + paddr_to_pfn((1ULL << 40) - 1)); + + /* Remove access to E820_UNUSABLE I/O regions above 1MB. 
*/ + for ( i = 0; i < e820.nr_map; i++ ) + { + unsigned long sfn, efn; + sfn = max_t(unsigned long, paddr_to_pfn(e820.map[i].addr), 0x100ul); + efn = paddr_to_pfn(e820.map[i].addr + e820.map[i].size - 1); + if ( (e820.map[i].type == E820_UNUSABLE) && + (e820.map[i].size != 0) && + (sfn <= efn) ) + rc |= iomem_deny_access(d, sfn, efn); + } + + /* Prevent access to HPET */ + if ( hpet_address ) + { + u8 prot_flags = hpet_flags & ACPI_HPET_PAGE_PROTECT_MASK; + + mfn = paddr_to_pfn(hpet_address); + if ( prot_flags == ACPI_HPET_PAGE_PROTECT4 ) + rc |= iomem_deny_access(d, mfn, mfn); + else if ( prot_flags == ACPI_HPET_PAGE_PROTECT64 ) + rc |= iomem_deny_access(d, mfn, mfn + 15); + else if ( ro_hpet ) + rc |= rangeset_add_singleton(mmio_ro_ranges, mfn); + } + + return rc; +} + int __init construct_dom0( struct domain *d, const module_t *image, unsigned long image_headroom, 
@@ -1529,84 +1612,9 @@ int __init construct_dom0( if ( test_bit(XENFEAT_supervisor_mode_kernel, parms.f_required) ) panic("Dom0 requires supervisor-mode execution"); - rc = 0; - - /* The hardware domain is initially permitted full I/O capabilities. */ - rc |= ioports_permit_access(d, 0, 0xFFFF); - rc |= iomem_permit_access(d, 0UL, (1UL << (paddr_bits - PAGE_SHIFT)) - 1); - rc |= irqs_permit_access(d, 1, nr_irqs_gsi - 1); - - /* - * Modify I/O port access permissions. - */ - /* Master Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0x20, 0x21); - /* Slave Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0xA0, 0xA1); - /* Interval Timer (PIT). */ - rc |= ioports_deny_access(d, 0x40, 0x43); - /* PIT Channel 2 / PC Speaker Control. */ - rc |= ioports_deny_access(d, 0x61, 0x61); - /* ACPI PM Timer. */ - if ( pmtmr_ioport ) - rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); - /* PCI configuration space (NB. 0xcf8 has special treatment). */ - rc |= ioports_deny_access(d, 0xcfc, 0xcff); - /* Command-line I/O ranges. */ - process_dom0_ioports_disable(d); - - /* - * Modify I/O memory access permissions. - */ - /* Local APIC. */ - if ( mp_lapic_addr != 0 ) - { - mfn = paddr_to_pfn(mp_lapic_addr); - rc |= iomem_deny_access(d, mfn, mfn); - } - /* I/O APICs. */ - for ( i = 0; i < nr_ioapics; i++ ) - { - mfn = paddr_to_pfn(mp_ioapics[i].mpc_apicaddr); - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) - rc |= iomem_deny_access(d, mfn, mfn); - } - /* MSI range. */ - rc |= iomem_deny_access(d, paddr_to_pfn(MSI_ADDR_BASE_LO), - paddr_to_pfn(MSI_ADDR_BASE_LO + - MSI_ADDR_DEST_ID_MASK)); - /* HyperTransport range. */ - if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) - rc |= iomem_deny_access(d, paddr_to_pfn(0xfdULL << 32), - paddr_to_pfn((1ULL << 40) - 1)); - - /* Remove access to E820_UNUSABLE I/O regions above 1MB. 
*/ - for ( i = 0; i < e820.nr_map; i++ ) - { - unsigned long sfn, efn; - sfn = max_t(unsigned long, paddr_to_pfn(e820.map[i].addr), 0x100ul); - efn = paddr_to_pfn(e820.map[i].addr + e820.map[i].size - 1); - if ( (e820.map[i].type == E820_UNUSABLE) && - (e820.map[i].size != 0) && - (sfn <= efn) ) - rc |= iomem_deny_access(d, sfn, efn); - } - - /* Prevent access to HPET */ - if ( hpet_address ) - { - u8 prot_flags = hpet_flags & ACPI_HPET_PAGE_PROTECT_MASK; - - mfn = paddr_to_pfn(hpet_address); - if ( prot_flags == ACPI_HPET_PAGE_PROTECT4 ) - rc |= iomem_deny_access(d, mfn, mfn); - else if ( prot_flags == ACPI_HPET_PAGE_PROTECT64 ) - rc |= iomem_deny_access(d, mfn, mfn + 15); - else if ( ro_hpet ) - rc |= rangeset_add_singleton(mmio_ro_ranges, mfn); - } - - BUG_ON(rc != 0); + rc = setup_permissions(d); + if ( rc != 0 ) + panic("Failed to setup Dom0 permissions"); if ( elf_check_broken(&elf) ) printk(" Xen warning: dom0 kernel broken ELF: %s\n",
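Review bot: In the first hunk (`@@ -869,6 +869,89 @@`), the value returned by the new `setup_permissions()` is accumulated with `rc |= ...` across every permit and deny call, so the caller receives a bitwise OR of whatever each call returned rather than one error code. That did not matter under the old `BUG_ON(rc != 0)`, but now that it is a function's return value the contract should be stated: add a comment above the function saying the result is only meaningful as zero or non-zero, or return at the first failing call so the value can be reported. `process_dom0_ioports_disable(d)` is the one call in the function whose outcome does not feed `rc`; if it can fail, that should be handled or commented as well.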
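Review bot: At the end of the second hunk (`@@ -1529,84 +1612,9 @@`), `BUG_ON(rc != 0)` is replaced by `if ( rc != 0 ) panic("Failed to setup Dom0 permissions");`, which changes the failure path, while the commit message says the patch is only code motion. Either keep the `BUG_ON` at the call site or mention the change in the commit message; if the `panic()` stays, the message should read "set up". The hunk removes the only visible uses of `mfn` and `i` here without touching their declarations in `construct_dom0()`, so it is worth confirming both are still used elsewhere in that function.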