From patchwork Tue Sep 27 15:57:02 2016
X-Patchwork-Submitter: Roger Pau Monné
X-Patchwork-Id: 9352161
From: Roger Pau Monne
Date: Tue, 27 Sep 2016 17:57:02 +0200
Message-ID: <1474991845-27962-8-git-send-email-roger.pau@citrix.com>
In-Reply-To: <1474991845-27962-1-git-send-email-roger.pau@citrix.com>
References: <1474991845-27962-1-git-send-email-roger.pau@citrix.com>
Cc: Andrew Cooper, boris.ostrovsky@oracle.com, Roger Pau Monne, Jan Beulich
Subject: [Xen-devel] [PATCH v2 07/30] xen/x86: split the setup of Dom0 permissions to a function

So that it can also be used by the PVH-specific domain builder.

This is just code motion, it should not introduce any functional change.

Signed-off-by: Roger Pau Monné
---
Cc: Jan Beulich
Cc: Andrew Cooper
---
 xen/arch/x86/domain_build.c | 164 +++++++++++++++++++++++---------------------
 1 file changed, 86 insertions(+), 78 deletions(-)

diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c index 04d6cb0..ffd0521 100644 --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c 
@@ -869,6 +869,89 @@ static __init void setup_pv_physmap(struct domain *d, unsigned long pgtbl_pfn, unmap_domain_page(l4start); } +static int __init setup_permissions(struct domain *d) +{ + unsigned long mfn; + int i, rc = 0; + + /* The hardware domain is initially permitted full I/O capabilities. */ + rc |= ioports_permit_access(d, 0, 0xFFFF); + rc |= iomem_permit_access(d, 0UL, (1UL << (paddr_bits - PAGE_SHIFT)) - 1); + rc |= irqs_permit_access(d, 1, nr_irqs_gsi - 1); + + /* + * Modify I/O port access permissions. + */ + /* Master Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0x20, 0x21); + /* Slave Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0xA0, 0xA1); + /* Interval Timer (PIT). */ + rc |= ioports_deny_access(d, 0x40, 0x43); + /* PIT Channel 2 / PC Speaker Control. */ + rc |= ioports_deny_access(d, 0x61, 0x61); + /* ACPI PM Timer. */ + if ( pmtmr_ioport ) + rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); + /* PCI configuration space (NB. 0xcf8 has special treatment). */ + rc |= ioports_deny_access(d, 0xcfc, 0xcff); + /* Command-line I/O ranges. */ + process_dom0_ioports_disable(d); + + /* + * Modify I/O memory access permissions. + */ + /* Local APIC. */ + if ( mp_lapic_addr != 0 ) + { + mfn = paddr_to_pfn(mp_lapic_addr); + rc |= iomem_deny_access(d, mfn, mfn); + } + /* I/O APICs. */ + for ( i = 0; i < nr_ioapics; i++ ) + { + mfn = paddr_to_pfn(mp_ioapics[i].mpc_apicaddr); + if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) + rc |= iomem_deny_access(d, mfn, mfn); + } + /* MSI range. */ + rc |= iomem_deny_access(d, paddr_to_pfn(MSI_ADDR_BASE_LO), + paddr_to_pfn(MSI_ADDR_BASE_LO + + MSI_ADDR_DEST_ID_MASK)); + /* HyperTransport range. */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) + rc |= iomem_deny_access(d, paddr_to_pfn(0xfdULL << 32), + paddr_to_pfn((1ULL << 40) - 1)); + + /* Remove access to E820_UNUSABLE I/O regions above 1MB. 
*/ + for ( i = 0; i < e820.nr_map; i++ ) + { + unsigned long sfn, efn; + sfn = max_t(unsigned long, paddr_to_pfn(e820.map[i].addr), 0x100ul); + efn = paddr_to_pfn(e820.map[i].addr + e820.map[i].size - 1); + if ( (e820.map[i].type == E820_UNUSABLE) && + (e820.map[i].size != 0) && + (sfn <= efn) ) + rc |= iomem_deny_access(d, sfn, efn); + } + + /* Prevent access to HPET */ + if ( hpet_address ) + { + u8 prot_flags = hpet_flags & ACPI_HPET_PAGE_PROTECT_MASK; + + mfn = paddr_to_pfn(hpet_address); + if ( prot_flags == ACPI_HPET_PAGE_PROTECT4 ) + rc |= iomem_deny_access(d, mfn, mfn); + else if ( prot_flags == ACPI_HPET_PAGE_PROTECT64 ) + rc |= iomem_deny_access(d, mfn, mfn + 15); + else if ( ro_hpet ) + rc |= rangeset_add_singleton(mmio_ro_ranges, mfn); + } + + return rc; +} + int __init construct_dom0( struct domain *d, const module_t *image, unsigned long image_headroom, 
@@ -1539,84 +1622,9 @@ int __init construct_dom0( if ( test_bit(XENFEAT_supervisor_mode_kernel, parms.f_required) ) panic("Dom0 requires supervisor-mode execution"); - rc = 0; - - /* The hardware domain is initially permitted full I/O capabilities. */ - rc |= ioports_permit_access(d, 0, 0xFFFF); - rc |= iomem_permit_access(d, 0UL, (1UL << (paddr_bits - PAGE_SHIFT)) - 1); - rc |= irqs_permit_access(d, 1, nr_irqs_gsi - 1); - - /* - * Modify I/O port access permissions. - */ - /* Master Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0x20, 0x21); - /* Slave Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0xA0, 0xA1); - /* Interval Timer (PIT). */ - rc |= ioports_deny_access(d, 0x40, 0x43); - /* PIT Channel 2 / PC Speaker Control. */ - rc |= ioports_deny_access(d, 0x61, 0x61); - /* ACPI PM Timer. */ - if ( pmtmr_ioport ) - rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); - /* PCI configuration space (NB. 0xcf8 has special treatment). */ - rc |= ioports_deny_access(d, 0xcfc, 0xcff); - /* Command-line I/O ranges. */ - process_dom0_ioports_disable(d); - - /* - * Modify I/O memory access permissions. - */ - /* Local APIC. */ - if ( mp_lapic_addr != 0 ) - { - mfn = paddr_to_pfn(mp_lapic_addr); - rc |= iomem_deny_access(d, mfn, mfn); - } - /* I/O APICs. */ - for ( i = 0; i < nr_ioapics; i++ ) - { - mfn = paddr_to_pfn(mp_ioapics[i].mpc_apicaddr); - if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) - rc |= iomem_deny_access(d, mfn, mfn); - } - /* MSI range. */ - rc |= iomem_deny_access(d, paddr_to_pfn(MSI_ADDR_BASE_LO), - paddr_to_pfn(MSI_ADDR_BASE_LO + - MSI_ADDR_DEST_ID_MASK)); - /* HyperTransport range. */ - if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) - rc |= iomem_deny_access(d, paddr_to_pfn(0xfdULL << 32), - paddr_to_pfn((1ULL << 40) - 1)); - - /* Remove access to E820_UNUSABLE I/O regions above 1MB. 
*/ - for ( i = 0; i < e820.nr_map; i++ ) - { - unsigned long sfn, efn; - sfn = max_t(unsigned long, paddr_to_pfn(e820.map[i].addr), 0x100ul); - efn = paddr_to_pfn(e820.map[i].addr + e820.map[i].size - 1); - if ( (e820.map[i].type == E820_UNUSABLE) && - (e820.map[i].size != 0) && - (sfn <= efn) ) - rc |= iomem_deny_access(d, sfn, efn); - } - - /* Prevent access to HPET */ - if ( hpet_address ) - { - u8 prot_flags = hpet_flags & ACPI_HPET_PAGE_PROTECT_MASK; - - mfn = paddr_to_pfn(hpet_address); - if ( prot_flags == ACPI_HPET_PAGE_PROTECT4 ) - rc |= iomem_deny_access(d, mfn, mfn); - else if ( prot_flags == ACPI_HPET_PAGE_PROTECT64 ) - rc |= iomem_deny_access(d, mfn, mfn + 15); - else if ( ro_hpet ) - rc |= rangeset_add_singleton(mmio_ro_ranges, mfn); - } - - BUG_ON(rc != 0); + rc = setup_permissions(d); + if ( rc != 0 ) + panic("Failed to setup Dom0 permissions"); if ( elf_check_broken(&elf) ) printk(" Xen warning: dom0 kernel broken ELF: %s\n",
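Review bot: in the first hunk, `return rc;` at the end of `setup_permissions()` hands back a value accumulated with `rc |= ...` over every permit and deny call, so if two calls fail with different error codes the caller receives their bitwise OR rather than a usable error code. That was harmless while the only consumer was `BUG_ON(rc != 0)`, but the function is now meant to be shared with a second builder; either add a comment above it stating that the result is only meaningful as zero or non-zero, or stop at the first failure and return that code. `process_dom0_ioports_disable(d)` is also the one call in the sequence whose outcome does not feed `rc`. If it can fail, the ranges it was meant to deny stay reachable under the initial `ioports_permit_access(d, 0, 0xFFFF)`, so a short comment on why it is exempt would help.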
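Review bot: the commit message says this is code motion with no functional change, but in the second hunk, at the `construct_dom0()` call site, `BUG_ON(rc != 0)` becomes `if ( rc != 0 ) panic("Failed to setup Dom0 permissions");`, which changes how the failure is reported. Halting is still the right outcome, since continuing would leave the hardware domain with the full initial grants and some denies unapplied, but the switch should be mentioned in the commit message. The panic string could read "set up" rather than "setup". It is also worth confirming that the `mfn` and `i` locals in `construct_dom0()` still have users now that the lines removed here no longer reference them.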