From patchwork Fri Aug 11 16:43:17 2017
X-Patchwork-Submitter: Roger Pau Monné
X-Patchwork-Id: 9896309
From: Roger Pau Monne
Date: Fri, 11 Aug 2017 17:43:17 +0100
Message-ID: <20170811164320.92899-2-roger.pau@citrix.com>
In-Reply-To: <20170811164320.92899-1-roger.pau@citrix.com>
References: <20170811164320.92899-1-roger.pau@citrix.com>
Cc: Andrew Cooper, Jan Beulich, Roger Pau Monne
Subject: [Xen-devel] [PATCH v2 1/4] x86/dom0: prevent access to MMCFG areas for PVH Dom0

They are emulated by Xen, so they must not be mapped into Dom0 p2m.
Introduce a helper function to add the MMCFG areas to the list of
denied iomem regions for PVH Dom0.

Signed-off-by: Roger Pau Monné
---
Cc: Jan Beulich
Cc: Andrew Cooper
---
Changes since RFC:
 - Introduce as helper instead of exposing the internal mmcfg
   variables to the Dom0 builder.
---
 xen/arch/x86/dom0_build.c         |  4 ++++
 xen/arch/x86/x86_64/mmconfig_64.c | 21 +++++++++++++++++++++
 xen/include/xen/pci.h             |  2 ++
 3 files changed, 27 insertions(+)

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c index 0c125e61eb..3e0910d779 100644 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -440,6 +440,10 @@ int __init dom0_setup_permissions(struct domain *d) rc |= rangeset_add_singleton(mmio_ro_ranges, mfn); } + /* For PVH prevent access to the MMCFG areas. */ + if ( dom0_pvh ) + rc |= pci_mmcfg_set_domain_permissions(d); + return rc; } diff --git a/xen/arch/x86/x86_64/mmconfig_64.c b/xen/arch/x86/x86_64/mmconfig_64.c index e84a67dfc4..271fad407f 100644 --- a/xen/arch/x86/x86_64/mmconfig_64.c +++ b/xen/arch/x86/x86_64/mmconfig_64.c @@ -15,6 +15,8 @@ #include #include #include +#include +#include #include "mmconfig.h" 
@@ -175,6 +177,25 @@ void pci_mmcfg_arch_disable(unsigned int idx) cfg->pci_segment, cfg->start_bus_number, cfg->end_bus_number); } +int pci_mmcfg_set_domain_permissions(struct domain *d) +{ + unsigned int idx; + int rc = 0; + + for ( idx = 0; idx < pci_mmcfg_config_num; idx++ ) + { + const struct acpi_mcfg_allocation *cfg = pci_mmcfg_virt[idx].cfg; + unsigned long start = PFN_DOWN(cfg->address) + + PCI_BDF(cfg->start_bus_number, 0, 0); + unsigned long end = PFN_DOWN(cfg->address) + + PCI_BDF(cfg->end_bus_number, ~0, ~0); + + rc |= iomem_deny_access(d, start, end); + } + + return rc; +} + bool_t pci_mmcfg_decode(unsigned long mfn, unsigned int *seg, unsigned int *bdf) { diff --git a/xen/include/xen/pci.h b/xen/include/xen/pci.h index 59b6e8a81c..ea6a66b248 100644 --- a/xen/include/xen/pci.h +++ b/xen/include/xen/pci.h @@ -170,4 +170,6 @@ int msixtbl_pt_register(struct domain *, struct pirq *, uint64_t gtable); void msixtbl_pt_unregister(struct domain *, struct pirq *); void msixtbl_pt_cleanup(struct domain *d); +int pci_mmcfg_set_domain_permissions(struct domain *d); + #endif /* __XEN_PCI_H__ */
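
Review bot: in the dom0_build.c hunk, the new comment above `if ( dom0_pvh )` says what is done but not why. The commit message gives the reason (the MMCFG areas are emulated by Xen, so they must not be mapped into the Dom0 p2m); putting that reason in the comment would keep the justification for the deny next to the code that enforces it.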
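
Review bot: pci_mmcfg_set_domain_permissions() in the mmconfig_64.c hunk is not marked __init, although its only caller in this patch, dom0_setup_permissions(), is `int __init`. Unless a later patch in the series needs it at runtime, mark it __init so it is discarded after boot. In the same function, `rc |= iomem_deny_access(d, start, end);` ORs the results of several regions together, so two different negative error codes would blend into a value that matches neither. Returning on the first failure would keep the error meaningful, even though the caller uses the same `rc |=` pattern. A one-line comment on the start/end computation would also help: adding PCI_BDF(...) to PFN_DOWN(cfg->address) only yields the right frame range because each bus/device/function owns one 4KiB page of the MMCFG window and cfg->address is assumed to be page-aligned.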
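
Review bot: the prototype added at the end of xen/include/xen/pci.h is in a common header, but the only definition in this patch is in xen/arch/x86/x86_64/mmconfig_64.c. Declare it in an x86-specific header instead, or say why it belongs in the common one. The declaration also carries no comment on what the return value means; since the implementation accumulates results with `rc |=`, callers should be told to treat it as zero/non-zero only.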