|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Disallow domain 0 access to certain I/O port ranges
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID a51e78a2a01a7012b64de7f5c1a1bc2610b3fd5b
# Parent d6752f193ffa85b9eaa449ff854a6aac986cf821
Disallow domain 0 access to certain I/O port ranges
(Master/Slave PICs, PIT, Speaker Control). Modifying
these can seriously harm Xen's health.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
diff -r d6752f193ffa -r a51e78a2a01a xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c Wed Aug 31 10:39:53 2005
+++ b/xen/arch/x86/domain_build.c Wed Aug 31 12:56:42 2005
@@ -20,6 +20,7 @@
#include <asm/processor.h>
#include <asm/desc.h>
#include <asm/i387.h>
+#include <asm/physdev.h>
#include <asm/shadow.h>
static long dom0_nrpages;
@@ -707,6 +708,18 @@
printk("dom0: shadow setup done\n");
}
+ /*
+ * Modify I/O port access permissions.
+ */
+ /* Master Interrupt Controller (PIC). */
+ physdev_modify_ioport_access_range(dom0, 0, 0x20, 2);
+ /* Slave Interrupt Controller (PIC). */
+ physdev_modify_ioport_access_range(dom0, 0, 0xA0, 2);
+ /* Interval Timer (PIT). */
+ physdev_modify_ioport_access_range(dom0, 0, 0x40, 4);
+ /* PIT Channel 2 / PC Speaker Control. */
+ physdev_modify_ioport_access_range(dom0, 0, 0x61, 1);
+
return 0;
}
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |