From patchwork Mon Sep 11 04:37:49 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Haozhong Zhang <haozhong.zhang@intel.com>
X-Patchwork-Id: 9946599
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7CA28603F4 for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 11 Sep 2017 04:42:00 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6FE7928ABE
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 11 Sep 2017 04:42:00 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 61DAD28AD7; Mon, 11 Sep 2017 04:42:00 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D88FA28ABE
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Mon, 11 Sep 2017 04:41:59 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1drGUx-0001G1-IM; Mon, 11 Sep 2017 04:39:03 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <haozhong.zhang@intel.com>) id 1drGUw-0001Ep-Dp
	for xen-devel@lists.xen.org; Mon, 11 Sep 2017 04:39:02 +0000
Received: from [193.109.254.147] by server-11.bemta-6.messagelabs.com id
	1F/B0-03616-56316B95; Mon, 11 Sep 2017 04:39:01 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeJIrShJLcpLzFFi42Jpa+sQ0U0R3hZ
	pcOWkjcWSj4tZHBg9ju7+zRTAGMWamZeUX5HAmtH3v5WtoNWgYunR1ywNjBvUuxi5OIQEpjNK
	XH/aw9LFyMkhIcArcWTZDFYIO0DiQt96RoiiXkaJ8zfuM4Ek2AT0JVY8PghWJCIgLXHt82WwI
	maBI0wSexeeAJrEwSEsEC7R9lYExGQRUJVY3SoJUs4rYCux7fISRoj58hK72i6CjeEUsJM4+P
	IdM4gtBFSz4PQC1gmMvAsYGVYxahSnFpWlFukameslFWWmZ5TkJmbm6BoamOnlphYXJ6an5iQ
	mFesl5+duYgSGAwMQ7GBcvDbwEKMkB5OSKO+741sihfiS8lMqMxKLM+KLSnNSiw8xanBwCGxe
	u/oCoxRLXn5eqpIE7xnBbZFCgkWp6akVaZk5wICFKZXg4FES4V0EkuYtLkjMLc5Mh0idYjTm+
	DHpyh8mjo6bd/8wCYFNkhLn3QxSKgBSmlGaBzcIFkmXGGWlhHkZgc4U4ilILcrNLEGVf8Uozs
	GoJMwrIwQ0hSczrwRu3yugU5iATuG5tAXklJJEhJRUA2PEnflcSptWPdgsyRr6YYqQwcrrduY
	/uH56/729pE3itpvplR0ai5drLDy09IyXrYJAc+rlHSkit+bGyjRbfzjVdsR+i8nHoOJ1jCce
	uLXaTU9X5PHLSDLoeMi4/frnOvbCA2tibnKt47qZFqQR/SVMvMqLy6Hdiy1q54OLjKFGZ0IvR
	VtFOSuxFGckGmoxFxUnAgBK0aYAnwIAAA==
X-Env-Sender: haozhong.zhang@intel.com
X-Msg-Ref: server-2.tower-27.messagelabs.com!1505104735!56506342!3
X-Originating-IP: [134.134.136.20]
X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
	VHJ1c3RlZCBJUDogMTM0LjEzNC4xMzYuMjAgPT4gMzU1MzU4\n
X-StarScan-Received: 
X-StarScan-Version: 9.4.45; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 47689 invoked from network); 11 Sep 2017 04:39:00 -0000
Received: from mga02.intel.com (HELO mga02.intel.com) (134.134.136.20)
	by server-2.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
	encrypted SMTP; 11 Sep 2017 04:39:00 -0000
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
	by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	10 Sep 2017 21:39:00 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.42,376,1500966000"; d="scan'208";
	a="1217078310"
Received: from hz-desktop.sh.intel.com (HELO localhost) ([10.239.159.142])
	by fmsmga002.fm.intel.com with ESMTP; 10 Sep 2017 21:38:58 -0700
From: Haozhong Zhang <haozhong.zhang@intel.com>
To: xen-devel@lists.xen.org
Date: Mon, 11 Sep 2017 12:37:49 +0800
Message-Id: <20170911043820.14617-9-haozhong.zhang@intel.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170911043820.14617-1-haozhong.zhang@intel.com>
References: <20170911043820.14617-1-haozhong.zhang@intel.com>
Cc: Haozhong Zhang <haozhong.zhang@intel.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Jan Beulich <jbeulich@suse.com>, Shane Wang <shane.wang@intel.com>,
	Chao Peng <chao.p.peng@linux.intel.com>,
	Dan Williams <dan.j.williams@intel.com>, Gang Wei <gang.wei@intel.com>
Subject: [Xen-devel] [RFC XEN PATCH v3 08/39] xen/pmem: hide NFIT and deny
	access to PMEM from Dom0
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

... to avoid the inference with the PMEM driver and management
utilities in Dom0.

Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com>
---
Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Gang Wei <gang.wei@intel.com>
Cc: Shane Wang <shane.wang@intel.com>
---
 xen/arch/x86/acpi/power.c |  7 +++++++
 xen/arch/x86/dom0_build.c |  5 +++++
 xen/arch/x86/shutdown.c   |  3 +++
 xen/arch/x86/tboot.c      |  4 ++++
 xen/common/kexec.c        |  3 +++
 xen/common/pmem.c         | 21 +++++++++++++++++++++
 xen/drivers/acpi/nfit.c   | 21 +++++++++++++++++++++
 xen/include/xen/acpi.h    |  2 ++
 xen/include/xen/pmem.h    | 13 +++++++++++++
 9 files changed, 79 insertions(+)

diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index 1e4e5680a7..d135715a49 100644
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -178,6 +178,10 @@ static int enter_state(u32 state)
 
     freeze_domains();
 
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_reinstate();
+#endif
+
     acpi_dmar_reinstate();
 
     if ( (error = disable_nonboot_cpus()) )
@@ -260,6 +264,9 @@ static int enter_state(u32 state)
     mtrr_aps_sync_end();
     adjust_vtd_irq_affinities();
     acpi_dmar_zap();
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_zap();
+#endif
     thaw_domains();
     system_state = SYS_STATE_active;
     spin_unlock(&pm_lock);
diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index f616b99ddc..10741e865a 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -8,6 +8,7 @@
 #include <xen/iocap.h>
 #include <xen/libelf.h>
 #include <xen/pfn.h>
+#include <xen/pmem.h>
 #include <xen/sched.h>
 #include <xen/sched-if.h>
 #include <xen/softirq.h>
@@ -452,6 +453,10 @@ int __init dom0_setup_permissions(struct domain *d)
             rc |= rangeset_add_singleton(mmio_ro_ranges, mfn);
     }
 
+#ifdef CONFIG_NVDIMM_PMEM
+    rc |= pmem_dom0_setup_permission(d);
+#endif
+
     return rc;
 }
 
diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c
index a87aa60add..1902dfe73e 100644
--- a/xen/arch/x86/shutdown.c
+++ b/xen/arch/x86/shutdown.c
@@ -550,6 +550,9 @@ void machine_restart(unsigned int delay_millisecs)
 
     if ( tboot_in_measured_env() )
     {
+#ifdef CONFIG_NVDIMM_PMEM
+        acpi_nfit_reinstate();
+#endif
         acpi_dmar_reinstate();
         tboot_shutdown(TB_SHUTDOWN_REBOOT);
     }
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 59d7c477f4..24e3b81ff1 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -488,6 +488,10 @@ int __init tboot_parse_dmar_table(acpi_table_handler dmar_handler)
     /* but dom0 will read real table, so must zap it there too */
     acpi_dmar_zap();
 
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_zap();
+#endif
+
     return rc;
 }
 
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index fcc68bd4d8..c8c6138e71 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -366,6 +366,9 @@ static int kexec_common_shutdown(void)
     watchdog_disable();
     console_start_sync();
     spin_debug_disable();
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_reinstate();
+#endif
     acpi_dmar_reinstate();
 
     return 0;
diff --git a/xen/common/pmem.c b/xen/common/pmem.c
index 49648222a6..c9f5f6e904 100644
--- a/xen/common/pmem.c
+++ b/xen/common/pmem.c
@@ -18,6 +18,8 @@
 
 #include <xen/errno.h>
 #include <xen/list.h>
+#include <xen/iocap.h>
+#include <xen/paging.h>
 #include <xen/pmem.h>
 
 /*
@@ -128,3 +130,22 @@ int pmem_register(unsigned long smfn, unsigned long emfn, unsigned int pxm)
 
     return rc;
 }
+
+#ifdef CONFIG_X86
+
+int __init pmem_dom0_setup_permission(struct domain *d)
+{
+    struct list_head *cur;
+    struct pmem *pmem;
+    int rc = 0;
+
+    list_for_each(cur, &pmem_raw_regions)
+    {
+        pmem = list_entry(cur, struct pmem, link);
+        rc |= iomem_deny_access(d, pmem->smfn, pmem->emfn - 1);
+    }
+
+    return rc;
+}
+
+#endif /* CONFIG_X86 */
diff --git a/xen/drivers/acpi/nfit.c b/xen/drivers/acpi/nfit.c
index 68750c2edc..5f34cf2464 100644
--- a/xen/drivers/acpi/nfit.c
+++ b/xen/drivers/acpi/nfit.c
@@ -179,6 +179,24 @@ static void __init acpi_nfit_register_pmem(struct acpi_nfit_desc *desc)
     }
 }
 
+void acpi_nfit_zap(void)
+{
+    uint32_t sig = 0x4e494654; /* "TFIN" */
+
+    if ( nfit_desc.acpi_table )
+        write_atomic((uint32_t *)&nfit_desc.acpi_table->header.signature[0],
+                     sig);
+}
+
+void acpi_nfit_reinstate(void)
+{
+    uint32_t sig = 0x5449464e; /* "NFIT" */
+
+    if ( nfit_desc.acpi_table )
+        write_atomic((uint32_t *)&nfit_desc.acpi_table->header.signature[0],
+                     sig);
+}
+
 void __init acpi_nfit_boot_init(void)
 {
     acpi_status status;
@@ -193,6 +211,9 @@ void __init acpi_nfit_boot_init(void)
     map_pages_to_xen((unsigned long)nfit_desc.acpi_table, PFN_DOWN(nfit_addr),
                      PFN_UP(nfit_addr + nfit_len) - PFN_DOWN(nfit_addr),
                      PAGE_HYPERVISOR);
+
+    /* Hide NFIT from Dom0. */
+    acpi_nfit_zap();
 }
 
 void __init acpi_nfit_init(void)
diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h
index 088f01255d..77188193d0 100644
--- a/xen/include/xen/acpi.h
+++ b/xen/include/xen/acpi.h
@@ -186,6 +186,8 @@ bool acpi_nfit_boot_search_pmem(unsigned long smfn, unsigned long emfn,
                                 unsigned long *ret_smfn,
                                 unsigned long *ret_emfn);
 void acpi_nfit_init(void);
+void acpi_nfit_zap(void);
+void acpi_nfit_reinstate(void);
 #endif /* CONFIG_NVDIMM_PMEM */
 
 #endif /*_LINUX_ACPI_H*/
diff --git a/xen/include/xen/pmem.h b/xen/include/xen/pmem.h
index 41cb9bb04f..d5bd54ff19 100644
--- a/xen/include/xen/pmem.h
+++ b/xen/include/xen/pmem.h
@@ -24,5 +24,18 @@
 
 int pmem_register(unsigned long smfn, unsigned long emfn, unsigned int pxm);
 
+#ifdef CONFIG_X86
+
+int pmem_dom0_setup_permission(struct domain *d);
+
+#else /* !CONFIG_X86 */
+
+static inline int pmem_dom0_setup_permission(...)
+{
+    return -ENOSYS;
+}
+
+#endif /* CONFIG_X86 */
+
 #endif /* CONFIG_NVDIMM_PMEM */
 #endif /* __XEN_PMEM_H__ */