From patchwork Thu Jul 20 00:32:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Volodymyr Babchuk X-Patchwork-Id: 13319662 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2FB8AC3DA40 for ; Thu, 20 Jul 2023 00:33:10 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.566254.884838 (Exim 4.92) (envelope-from ) id 1qMHb2-0001Yj-R3; Thu, 20 Jul 2023 00:32:44 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 566254.884838; Thu, 20 Jul 2023 00:32:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qMHb2-0001Yc-NX; Thu, 20 Jul 2023 00:32:44 +0000 Received: by outflank-mailman (input) for mailman id 566254; Thu, 20 Jul 2023 00:32:42 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qMHb0-0001JN-Ok for xen-devel@lists.xenproject.org; Thu, 20 Jul 2023 00:32:42 +0000 Received: from mx0a-0039f301.pphosted.com (mx0a-0039f301.pphosted.com [148.163.133.242]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id ed2a2834-2694-11ee-8611-37d641c3527e; Thu, 20 Jul 2023 02:32:38 +0200 (CEST) Received: from pps.filterd (m0174678.ppops.net [127.0.0.1]) by mx0a-0039f301.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 36JMeiB3017190; Thu, 20 Jul 2023 00:32:36 GMT Received: from eur04-he1-obe.outbound.protection.outlook.com (mail-he1eur04lp2057.outbound.protection.outlook.com [104.47.13.57]) by mx0a-0039f301.pphosted.com (PPS) with ESMTPS id 3rxgyx9k43-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 20 Jul 2023 00:32:36 +0000 Received: from VI1PR03MB3710.eurprd03.prod.outlook.com (2603:10a6:803:31::18) by AS8PR03MB7783.eurprd03.prod.outlook.com (2603:10a6:20b:407::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6588.33; Thu, 20 Jul 2023 00:32:32 +0000 Received: from VI1PR03MB3710.eurprd03.prod.outlook.com ([fe80::68d2:d90f:ac32:7c85]) by VI1PR03MB3710.eurprd03.prod.outlook.com ([fe80::68d2:d90f:ac32:7c85%3]) with mapi id 15.20.6588.035; Thu, 20 Jul 2023 00:32:32 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: ed2a2834-2694-11ee-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=geA3nPDtFETcaj7QB62wA2L8PvdYFtir95WHhhHCjM2J8p1+pIz7CEx4pAHjtCP2X1O1eXAyMevTYCAk2iA+05YMXCKfMKbDQK5gTExYv4+xw79J4Lx22UdlUx3cjy6AKUqzEQ+hC5ByBkLKAFSXv9OmmIE4PjnWsZL3ZE7Iwy0Dk1bpE1Td8X6o13pE8y3YCK7s6LsumslZhvwmXtN6HbKYz5eGSR+3t5IAY1XeZn2NjtisBj85dOGZbXIjMigYiNXfidY6BhNRvCKkaMImeD/iUCwiGxY4pNzRzByitZARRdo/2aSfxLLK4Ub5laqqfOdeidQRn69ma493hpPU8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Unt8egmRvwPUu0glZoccRX4BB5aszaqAV25MRw9Jz1w=; b=RFFhrRn6a0MspLZ82RZVpuMhd3S+pTc/hUCtnOqx3xLsMExRhWIcS7AekH6O/djArhQodEMx7GEs84A1EN8Z/sYQP0XmVjU2exzsoaZu2+alXB2DYboZ66kPFiKbeU+QgvxqhSDtFDlp749HF+mY1OBHNWeYhs/VdiiNAE5l+E1w+Ttz2hPluvn61J3ISVW76WOFSYXQmnaYvvoMRPbnbrogCg5eCPI908sgzEa8J62BQaG0YB4vpRvvGq43nqg0BO0GsTJRsBzNRh+XMB0AjGezTjKGOzIIaHPPycdhuKAvp/taEh9MqriuluwvZwSqZY/iZox/cbZhvcecagU/Yw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=epam.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Unt8egmRvwPUu0glZoccRX4BB5aszaqAV25MRw9Jz1w=; b=TmJVbu0/5GJJnLw579OMEjN4V8+nQAmdstF96gdQFjdLHX/U4XQu8wBviwSZoWFx3BDARylSDcokkIXbr9ohQZ/VVBgzeaZdv29I5xUHBPw2KbXorQ63kp6geKoSdbULs0lZSzWAvOgZJx09DDH0pcazW7PHcYeDmstt52VeoDCQjVpCEgbR1DYOPa6nIPexiGaoZWIeaNA5GfMULb7LbeGg/3YHhsTBtnJ7VEFlQ0RZy87t7UpLbjOod6BGmGCAFJN0/LiT+FRrCTdpNTLlvMDoq+gijiP3S8T3kjbM+VuOz+Rfys0ceKl9GK2IEK5qNAaDHuIt/2rKqVDQp37eeA== From: Volodymyr Babchuk To: "xen-devel@lists.xenproject.org" CC: Oleksandr Andrushchenko , =?utf-8?q?Ro?= =?utf-8?q?ger_Pau_Monn=C3=A9?= Subject: [PATCH v8 03/13] vpci: restrict unhandled read/write operations for guests Thread-Topic: [PATCH v8 03/13] vpci: restrict unhandled read/write operations for guests Thread-Index: AQHZuqGrmAJWEwjbUkyUjUzRXQkJ0A== Date: Thu, 20 Jul 2023 00:32:31 +0000 Message-ID: <20230720003205.1828537-4-volodymyr_babchuk@epam.com> References: <20230720003205.1828537-1-volodymyr_babchuk@epam.com> In-Reply-To: <20230720003205.1828537-1-volodymyr_babchuk@epam.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-mailer: git-send-email 2.41.0 x-ms-publictraffictype: Email x-ms-traffictypediagnostic: VI1PR03MB3710:EE_|AS8PR03MB7783:EE_ x-ms-office365-filtering-correlation-id: 079fc536-4bd1-462a-cae4-08db88b8cec1 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: YliDazfML/9kzzPYPHo1POb0eObPftuP504X69jE80TnIcyZBqPsLmGon9O1mf+8ZX6q8luDZqtKuQzNfTSRmqbGnnkQvaoUqC87UBfr0ZBfoLYavFPJJao4curMIVYnwJs8xpVkmZ/RzU8LXzhyrXhyklq1LVqpN5il7cwIs2BOcwVASlCIybe6LXzd8xynvhOWFZmF58lThOHiKZZJV8gqj1UoiSJJaIjSv7cIukpX/GqEqZQYAR8V9UoDpsQts3bDNwbayWVINnIfIUHXzquuKBFN6dcYWdrFC5hWHYr0idhNFrWqIhbZsnqWM8LlenhZfcdWh58DORMMiXOMw2BGs5t/sguk2AkRGNZZxAE8c9Ta0AJjuFwd2ipnvxeeAauv1U8Q4ZOUyUXN/GvDvksmfcJv1xJVsFHIdpTSQEXX5LQ5828U6KrEfyh8Mnq1R3uAg0sNCGavWsgkD6zCTk6pqc1xWag/ESubdhNy3UjnE1xVtULlRYN6rZJuufSvfMKfDFbtM0LOg7lOYApXLH25IN5wuHwu0XsAHexnzjS0TZHzKMv2pPln17VM4N9coE/bQX+ess93q+LHXglTUnfRPYbrl2D4sejR3Ajnx/zWfvOVyjnKIS7Zjm9HmE7q x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1PR03MB3710.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(136003)(39860400002)(346002)(366004)(396003)(376002)(451199021)(55236004)(26005)(1076003)(6506007)(41300700001)(316002)(83380400001)(2616005)(186003)(6512007)(6486002)(122000001)(478600001)(66946007)(54906003)(71200400001)(4326008)(64756008)(38070700005)(66556008)(76116006)(66476007)(91956017)(6916009)(38100700002)(86362001)(5660300002)(66446008)(8936002)(8676002)(36756003)(2906002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?PYGyBQogR38dbDsjRIQk2fBpZN5C?= =?utf-8?q?B3bmc3l7JPU6xr9Z5bu/QNx+Oy4NQUPtwVMxzODRXU5Wq+aG12uhHY+xAbnWnIA/X?= =?utf-8?q?Yg+iO/TKBx5+tl+T05LHbEwfncxaWscx9XVxS1Fdx6Ti87yrHLAzOUTMAhzAyd2YD?= =?utf-8?q?VJXTvm7tTYY9pHqwyyiS7Z47Rfz0Rv9qDt35RkiB9QOER9xdNX0jhz1GlWnHIigvc?= =?utf-8?q?FtISNe6iGZ0aGR9UVAR9bTZiEXHln3zpH/1TMyLNxUm78no07R37FB4q0hQA+NiDG?= =?utf-8?q?mx4Hy90vJUahfab+lYInr820ltTMcwtrZyWlEHZ4yYsGg66diqzZ5p7ndj8pEkFqq?= =?utf-8?q?uKmz+til3j8+nwB/0KTAZhdzJY1ogcFROVgX/kVrh2UTD1Hunwbn3UuUxE+kz779y?= =?utf-8?q?0eCWqDcCkh7NwuarrpZSw9C7powIPgcl4roRz/VkVwSYvE5wRfNKjP+EKbkTRjrZU?= =?utf-8?q?AGOqiXHtISQJKPhqTH2ceNrPl5XV/qc6R0NutjfMpiyIKXsqYOvOMoEgdLkg5S8at?= =?utf-8?q?bShaduAmlPSMz1P+AhGgFPNpMywGkc8pXin8IeM7euGwGJgmYvdZgEYY30pIsEstf?= =?utf-8?q?7bZSRrLbMX7+24OO1/HMjjZeYE3Qr6wOK5TM5OqaI2pYMOYpkaCG1rT8KuMUoxbeH?= =?utf-8?q?VSkHDEdtM/kqsXdjZ7KblN7RGMIFrdyNflbgemOEg9iaOU437U2rRLlaa/177c0w1?= =?utf-8?q?I7D6VZ4vFcHNmsW+Al/kQDCKTQqJI+AmvjxtDpB18HqaEYReQEzZqBzeUFQXBK7BN?= =?utf-8?q?qVoi8qlzElUuFxWXK68MHkWzjCo5OIuIyb8LYFpdFBhulQ3QlZRZcZMB5aQL14iqi?= =?utf-8?q?pdr+q+ZN+cIkgv8O8RMweJWK1LT2NyU0VA4x61l6vjcpzxkKiJHVeu9n8vdbilZPX?= =?utf-8?q?kewqE5P2lGqZEpX+sBHNWUvojIE0g3N8gMortJD8nMTG6XOF9AgTKgwjqMrOmK/bp?= =?utf-8?q?yjo6igz5MftJ/CJqC4wDRsxwHEaq4m3CyP80TmoC1JxO6p/l7sGTYJVYnzmHeylsV?= =?utf-8?q?23LC19S0RgtELT9o3nnGkWYb19ITFA21RPCrN82nCofcyiWj1Apmdj6uptKr9hxkF?= =?utf-8?q?fEAcESEM53xdtCfrjzYlWOr14xMUf4JkUWb2uLIcwIFD+OummTJxAcGwzDD1TpfWn?= =?utf-8?q?2qpDNJ9WW3qbBKhYbh1wVS6pEiPpEz1Y7bJMoFx+EkzN0eWJojYFEb+sClClHp787?= =?utf-8?q?dPUk6/G8D1eRXG3ALWvYMC8oViKfpDZigemleb+sHtRnPxa4ffrzb5X5zFcFs2w+/?= =?utf-8?q?rvYCgKHC1L6X45yd3ofMXbrcLVfmhAobp2jjrcc+VDD1Q7yAE7PnAZDgvC1E3X/A7?= =?utf-8?q?A9LyNyaGeeDDMXOoghUMMsE1mBUKHwcV21xoHDBw6ZDhcyTxfurl6nXyoXX2sf085?= =?utf-8?q?qzrLxptVh5xjCd1keOLxtMsb/TNeRLmByIRCgd1Dtggl8huF8BUbiT8R3NKVxJnzt?= =?utf-8?q?M27hXmz8fhdLkyrkIhSCDZFWsncbgDRTc90ZoyLbyKYiPqgkC51tvfoI4Jl3nTz7n?= =?utf-8?q?iHNK53ULBi8bOQ2OhM1vAaBI3W+OsWItUg=3D=3D?= Content-ID: <513FB179A8D41C4180D34D81C8EA2D34@eurprd03.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: epam.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR03MB3710.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 079fc536-4bd1-462a-cae4-08db88b8cec1 X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2023 00:32:31.6418 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b41b72d0-4e9f-4c26-8a69-f949f367c91d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PMfP3jj2zbhu2X3oFr26LYJtxUYAs6EFDgJAURJWY2iAk93qvuH8CrFJU99K8IQAExkucqwW+DjgOAhjQLyPCABVWZg7KRFTSUGHJ2Cykc0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB7783 X-Proofpoint-ORIG-GUID: 1Ip4MEnJV-84fShS-NmeYKZyp_1jFr8g X-Proofpoint-GUID: 1Ip4MEnJV-84fShS-NmeYKZyp_1jFr8g X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-07-19_16,2023-07-19_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 impostorscore=0 priorityscore=1501 bulkscore=0 spamscore=0 adultscore=0 clxscore=1015 suspectscore=0 phishscore=0 mlxlogscore=999 malwarescore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2307200002 From: Oleksandr Andrushchenko A guest would be able to read and write those registers which are not emulated and have no respective vPCI handlers, so it will be possible for it to access the hardware directly. In order to prevent a guest from reads and writes from/to the unhandled registers make sure only hardware domain can access the hardware directly and restrict guests from doing so. Suggested-by: Roger Pau Monné Signed-off-by: Oleksandr Andrushchenko Reviewed-by: Roger Pau Monné --- Since v6: - do not use is_hwdom parameter for vpci_{read|write}_hw and use current->domain internally - update commit message New in v6 --- xen/drivers/vpci/vpci.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c index f22cbf2112..a6d2cf8660 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c @@ -233,6 +233,10 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, { uint32_t data; + /* Guest domains are not allowed to read real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return ~(uint32_t)0; + switch ( size ) { case 4: @@ -273,9 +277,13 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, return data; } -static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, unsigned int size, - uint32_t data) +static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, + unsigned int size, uint32_t data) { + /* Guest domains are not allowed to write real hardware. */ + if ( !is_hardware_domain(current->domain) ) + return; + switch ( size ) { case 4: