From patchwork Tue Jun 13 10:32:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13278332 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6B7E4C88CB4 for ; Tue, 13 Jun 2023 10:33:14 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.547996.855705 (Exim 4.92) (envelope-from ) id 1q91KM-0001jG-DM; Tue, 13 Jun 2023 10:32:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 547996.855705; Tue, 13 Jun 2023 10:32:42 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q91KM-0001j9-Am; Tue, 13 Jun 2023 10:32:42 +0000 Received: by outflank-mailman (input) for mailman id 547996; Tue, 13 Jun 2023 10:32:41 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1q91KK-0001il-Ve for xen-devel@lists.xenproject.org; Tue, 13 Jun 2023 10:32:41 +0000 Received: from mx0b-0039f301.pphosted.com (mx0b-0039f301.pphosted.com [148.163.137.242]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 9d71503e-09d5-11ee-8611-37d641c3527e; Tue, 13 Jun 2023 12:32:37 +0200 (CEST) Received: from pps.filterd (m0174683.ppops.net [127.0.0.1]) by mx0b-0039f301.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 35DAO5KY019280; Tue, 13 Jun 2023 10:32:33 GMT Received: from eur05-am6-obe.outbound.protection.outlook.com (mail-am6eur05lp2106.outbound.protection.outlook.com [104.47.18.106]) by mx0b-0039f301.pphosted.com (PPS) with ESMTPS id 3r5yahmgn9-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 13 Jun 2023 10:32:33 +0000 Received: from VI1PR03MB3710.eurprd03.prod.outlook.com (2603:10a6:803:31::18) by DU0PR03MB9706.eurprd03.prod.outlook.com (2603:10a6:10:44e::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.33; Tue, 13 Jun 2023 10:32:30 +0000 Received: from VI1PR03MB3710.eurprd03.prod.outlook.com ([fe80::6fa2:d7b8:9bd4:1a51]) by VI1PR03MB3710.eurprd03.prod.outlook.com ([fe80::6fa2:d7b8:9bd4:1a51%5]) with mapi id 15.20.6455.045; Tue, 13 Jun 2023 10:32:28 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 9d71503e-09d5-11ee-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ECFcuEJk+JKFmeKInrb/bLSRIwP5S9Bje6ypSBeNHyWg91GQqmm1SIPw/kecxdrr9xHXYNEmGW9vVDX2hikzwTj7xwppk3L7xdeWYkjATDGieq3o3BLyafw8Hld2ALoPoGgThDyUNwVd1L1zwlEZldoDfwYpXuwKI7w0lsCUc79HjINkcFndjDzNQ0/4cUzYRJQEbSd2ifNq81HdQFMcnwIMRDaom1UQGOOjKrI9vN9sI+CJH+EpwYiSqgvdaPhry9cQQZOuZBerWCdWMRUc3CpBaKRP8q/CGG13S6QarTHzV2Lw4OEcgwFlZeTy0DtdPNwFwjN9l0nsEmxB8o9PMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pzQgHIvh4Yevy8ekMSaMLkJ3eNO1G8Dye2joimf+kvw=; b=Ra0yTTHywEBTBOL9yYWVFWcjIYwm/FS9zCVQu5wsMinN78qaZSQfO/UOLntd+eSXPWOTAhd/KVHA/XcYjt0yvlYmA6TsoazOZOSw87Po6bLd5klACbfs0aJgxgQGB1ILYDiRrTNyqWlI7obG/QX1875Xx6IU1mIEhtLS7d54Lhh6S8KXlGmGgrwnajH6KlM9bXJMykWAs8INsiC2j+nBUqUHY/8MHq2Fxhh8xJ0pKbFxKXphSRBdUYbsHolzt7RY9xJfu0XmnxQAbhSjVtM68FhHwKomdzJdOw9xmDgo5Mg/OjHbs1NHvDhVSpLM6AUCx7xsa1bgQJbpaGb/eLrEtQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pzQgHIvh4Yevy8ekMSaMLkJ3eNO1G8Dye2joimf+kvw=; b=YAkov4b/MnMMcd6PeiCvlKiTspNK4CZIy4Z4WA1i7B8W+tFvTo9YMYU0c4adTFqLR9OXatLQ7Mnd0S1/EP2i7tpoeij/ZaZbKhqcjYQTsofh2WdZIhmC2Bn6dmOg6OG5AbQEj46IsgXHjBPlvldNpUblYMdkRksppCXX059CusZvDq3sE6fDJYL8EALqRSbvOUbYV3L3DJVev227vFSFrIBYmLF3YY6hwVTC+TNuUQgsW4JoZCE5a3rfOtjgqw1f8eEFz8HxiRBd8sjYjp+6ylwAnA7fG8rCTeOSAOyjayevF1+95cZzPAuZRYOycqqY4p31Uk+JV+h7BLOzysFNow== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Oleksandr Andrushchenko , =?utf-8?q?Ro?= =?utf-8?q?ger_Pau_Monn=C3=A9?= Subject: [PATCH v7 02/12] vpci: restrict unhandled read/write operations for guests Thread-Topic: [PATCH v7 02/12] vpci: restrict unhandled read/write operations for guests Thread-Index: AQHZneJZ4Y/QK9l300mPh5Vy/DhSyA== Date: Tue, 13 Jun 2023 10:32:27 +0000 Message-ID: <20230613103159.524763-3-volodymyr_babchuk@epam.com> References: <20230613103159.524763-1-volodymyr_babchuk@epam.com> In-Reply-To: <20230613103159.524763-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.40.1 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: VI1PR03MB3710:EE_|DU0PR03MB9706:EE_ x-ms-office365-filtering-correlation-id: 79d0447c-84d2-47f5-9546-08db6bf97c63 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: O2noGJvs/dXZu12yDA5fO3BXQvQbkhuceF/ZQPIFteTvrQDGkIYsxp/ZKrDi29YjuE1YirCXKqI6oE+IbMKsCNep0apkdGDWazvtNVQWe+hHtNbTm7vQ4yXtduQNuXQC592C6//bxNM4LNhFYxT5qiNLCpoj9KXbPwktgYy4qwwJJxVwMYhuKpzdDNSmYh9rh1EZXG24rQ/kGJx11CRszrXdd90sUOFAY0k/vRL3Cnu+ukJ1K+DwOMDX8kRI+ESc1wBf3fxFGiAaoQ2QaeSzRtJn7RIPa4eglLOwHVShUfx4oqOhEnaBS8Dskn0U7tPUlijxEA9ttNLqAODTkOM+OCypCTPPeE8QRK7Bma79Z+YwOnzBRvnPYmlORbSDI2XU7VbCjHV6Np4mvNeDi3aU1ptP+K04mHuB2S2xe5aJygu8B5fYde7OEzpI6b3dC5tkURSd/Pw5oFb0EEesHUEj/ifXStjUOpshjTsllLOc0Irip5QCRMb68XbEqABl58QYrZbnBLZDN3Jn+f8iUlDhMPEzNty8ZONRInNmMYtvHP9eEkNNGw4SUaqDxwGg9ZkmDRXQQdQdjAkfkRZz00Ozl0p+pTdL3P1fGbXOcyr+18KPdQa5d7q2bq61hgeOPLT4 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1PR03MB3710.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(396003)(376002)(136003)(346002)(366004)(451199021)(91956017)(64756008)(76116006)(66556008)(66446008)(4326008)(6916009)(66476007)(71200400001)(5660300002)(66946007)(41300700001)(8936002)(8676002)(316002)(36756003)(54906003)(83380400001)(478600001)(2906002)(6486002)(38100700002)(186003)(6506007)(26005)(1076003)(6512007)(86362001)(55236004)(38070700005)(2616005)(122000001);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?oyrf2bprg6k4M/f77/RMKXWNmYrS?= =?utf-8?q?DHVP+q/hBA//fkcAB8rcEhzMhiamz3kLfWvt+VGrqE80X7HT0rdFuusOaccCotp6q?= =?utf-8?q?LlIe1P5go6sxNqxi+kAtjvEfwW1VevklJ1Dqk4TSblXo5Yz/Ggpc0l0+9um+YscnY?= =?utf-8?q?UxyN0/+5ek3YTS6oAwHEUIuXPZtgCPk3k239UmWaw3FQXIwnK9ids+quXOX50BoId?= =?utf-8?q?OPdSEY4g5x0vXBVXioTM7f0e331SY9u7Easg564CNmZDAUruFzVCSBMho5ZtA4L4c?= =?utf-8?q?IS8i/dZeqGEZKtQi14+aWMfA8+/IRcaZzJYHlVbienLLbH4cyrLDOr39QZEgnLKq1?= =?utf-8?q?Vj3VAXqeSFOO5uH5UA29LTVXSjpZTUOH+J3oHt5SeLHl/anH8DJGGratd4YRhCv7h?= =?utf-8?q?Y/UxMSYiRRYS9+V6dfXI1o3tOEmwWe/iJUNupRK3x6XS00FPZam3j6CY+V8+qc7X0?= =?utf-8?q?OwruD9bGzTk0QAMvFd1ZgpG70MRmYvUbLRoMtugZoxpoTiJGlUbszSpSaBrImGuNM?= =?utf-8?q?wj9qrv4aFeXuANKZHm7wfPs9hAgDP2GEQAn4dZPdD7AFGV5Cfuk7TWH7J1i8a0e1s?= =?utf-8?q?QJ0MayTNr52rBvuXUEzLzDJT7SQtssF7y89qXu5XadCIzkSNEjUD7JU02O6nwRR2n?= =?utf-8?q?cM0WbgGZrlFvr7dyfk3dB8HT9Yj31d7MJa2ITwvOGsWFnx5PGy34YqATppc/ZCgf6?= =?utf-8?q?x9z/PaInwFRWWWm6tfcxY5Tj2xalsDa1zJIp9fzgIpKzds8YxPVcHcpO+VmxZM7/W?= =?utf-8?q?1Y1kf4TI3eLQ8qnwIa13jp/mEZ+WQUEOG2FxhjjQUb+aIbAdza211cxoAMYmyqSy9?= =?utf-8?q?xPvEaUs3GSN+UWwUrKLi3pIwPSYp2UdZBV89bkxyDejVuAOXUFe1uxCNBFerdQriK?= =?utf-8?q?nVb/IrB2T36QbMuIMDWpvBYPubSBJTu0ok+jxWWV4gaVqT6cLhJQMxSqrYsSr5erR?= =?utf-8?q?Afs6Jj7pMyD9jY9MsK9xmbUeJj1m2x07V4FEkiY2koMy8X1RaI+Tmon33bswjwOCJ?= =?utf-8?q?mFfWOTlJj3u6jBH01d7DmhiELt+oxslgNq35LYa5vaTXsWUwRU79KP1JCaYVDiBd3?= =?utf-8?q?VCzYEyhF+44uqExh3bR3knvH6eVEcbvfQd/DC8/kaDUpdf7CU/GHa/9Wb7PBHHREh?= =?utf-8?q?xYv4rTafTpDIPtYjpJK/+EY6sTVbpaN9kIL1Q4UQinuH/GQLamkCQIryPXZflxSX9?= =?utf-8?q?fA/uuD5QVYqa9C2du0lsJbWRDfwuP3NsHUfomm1qazPCdDQEpgDwUA/NikA2Nj/5G?= =?utf-8?q?I2lZsRvFOkMg291uZ8hXJZk/UlgAt2riw3HsndF+1+px4r5/9fU1y1aty4/omBljq?= =?utf-8?q?ZI5s5rESL8DUrH3LgxKoGoC4sEF0Nz81jdv/XJOhee2vLOjv1CXYjMSWs8pV0oYWl?= =?utf-8?q?dknaFB0OzGuKZqQi3OM593cI+YPEff94maYC7YyNM2ZxXzBJs1c+zifmGBWWDk8EW?= =?utf-8?q?aemAisTsfQIl+rqDbpdDIYr9IMyuaZFOiu1nxNjkcofaE2z3FB4w/xzrDPTCRziw/?= =?utf-8?q?R4QFfR2p1sGoQtwq8gaBbSxSIY/bsOxs8Q=3D=3D?= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR03MB3710.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 79d0447c-84d2-47f5-9546-08db6bf97c63 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jun 2023 10:32:27.2488 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: E1YiMFiGL5YgB7NpFXpmEEm/3vvfLOZJrWb6NR3UXzGjLmcfPzg3WF3KY5VcojL4e7okg4LkPVeb8QxWUTGyNpQS/2tw8ZWPEfXUdwRO6BQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR03MB9706 X-Proofpoint-GUID: R15PgsG3ft5Sxe8Pli3J6NwUJ4UZDr0z X-Proofpoint-ORIG-GUID: R15PgsG3ft5Sxe8Pli3J6NwUJ4UZDr0z X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26 definitions=2023-06-13_04,2023-06-12_02,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 suspectscore=0 mlxlogscore=999 spamscore=0 malwarescore=0 clxscore=1015 lowpriorityscore=0 bulkscore=0 priorityscore=1501 phishscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2306130093 From: Oleksandr Andrushchenko A guest would be able to read and write those registers which are not emulated and have no respective vPCI handlers, so it will be possible for it to access the hardware directly. In order to prevent a guest from reads and writes from/to the unhandled registers make sure only hardware domain can access the hardware directly and restrict guests from doing so. Suggested-by: Roger Pau Monné Signed-off-by: Oleksandr Andrushchenko --- Since v6: - do not use is_hwdom parameter for vpci_{read|write}_hw and use current->domain internally - update commit message New in v6 --- xen/drivers/vpci/vpci.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index 1270174e78..0b11d9c3f8 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -235,6 +235,10 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, { uint32_t data; + /* Guest domains are not allowed to read real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return ~(uint32_t)0; + switch ( size ) { case 4: @@ -275,9 +279,13 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, return data; } -static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, - uint32_t data) +static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, + unsigned int size, uint32_t data) { + /* Guest domains are not allowed to write real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return; + switch ( size ) { case 4: