From patchwork Mon Jul 18 21:15:42 2022
X-Patchwork-Submitter: Volodymyr Babchuk
X-Patchwork-Id: 12921787
From: Volodymyr Babchuk
To: "xen-devel@lists.xenproject.org"
CC: Oleksandr Andrushchenko, Roger Pau Monné
Subject: [PATCH v2 2/4] vpci: restrict unhandled read/write operations for guests
Date: Mon, 18 Jul 2022 21:15:42 +0000
Message-ID: <20220718211521.664729-3-volodymyr_babchuk@epam.com>
References: <20220718211521.664729-1-volodymyr_babchuk@epam.com>
In-Reply-To: <20220718211521.664729-1-volodymyr_babchuk@epam.com>

From: Oleksandr Andrushchenko

A guest would be able to read and write those registers which are not
emulated and have no respective vPCI handlers, so it will be possible
for it to access the hardware directly.
In order to prevent a guest from reads and writes from/to the unhandled
registers make sure only hardware domain can access the hardware directly
and restrict guests from doing so.

Suggested-by: Roger Pau Monné
Signed-off-by: Oleksandr Andrushchenko
---
Since v6:
- do not use is_hwdom parameter for vpci_{read|write}_hw
  and use current->domain internally
- update commit message
New in v6
Moved into another series
---
 xen/drivers/vpci/vpci.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 9fb3c05b2b..c7a40a2f41 100644 --- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c @@ -215,6 +215,10 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, { uint32_t data; + /* Guest domains are not allowed to read real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return ~(uint32_t)0; + switch ( size ) { case 4: @@ -255,9 +259,13 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, return data; } -static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, - uint32_t data) +static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, + unsigned int size, uint32_t data) { + /* Guest domains are not allowed to write real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return; + switch ( size ) { case 4:
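
Review bot: In the vpci_read_hw() hunk the new check keys on current->domain rather than on the domain that owns sbdf, so it is only correct while every caller runs in the context of the domain performing the access. The changelog says the explicit is_hwdom parameter was dropped in favour of this, so please state that assumption in the comment above the check or assert it, otherwise a later caller acting on behalf of another domain gets the wrong answer without any sign of it. The early return also yields ~(uint32_t)0 for every size; if callers do not mask the result to size bytes, a 1- or 2-byte guest read comes back with all 32 bits set, which is worth confirming against the call sites.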
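
Review bot: The re-wrapped vpci_write_hw() signature at the top of the second hunk is whitespace churn unrelated to the access check; drop it so the diff shows only the behavioural change. The added "if ( !is_hardware_domain(current->domain) ) return;" duplicates the condition just added to vpci_read_hw(), and a small shared predicate would keep the read and write policy from drifting apart. The write is discarded with no trace, so consider whether a debug-level message is wanted for diagnosing guests that touch unhandled registers, and the comment would read better as "write to real hardware".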