|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] vpci: add permission checks to map_range()
commit baa6ea7003868d1a339d06b17fd32d41b851d571
Author: Roger Pau Monné <roger.pau@xxxxxxxxxx>
AuthorDate: Thu Jul 27 09:49:25 2023 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jul 27 09:49:25 2023 +0200
vpci: add permission checks to map_range()
Just like it's done for the XEN_DOMCTL_memory_mapping hypercall, add
the permissions checks to vPCI map_range(), which is used to map the
BARs into the domain p2m.
Adding those checks requires that for x86 PVH hardware domain builder
the permissions are set before initializing the IOMMU, or else
attempts to initialize vPCI done as part of IOMMU device setup will
fail due to missing permissions to create the BAR mappings.
While moving the call to dom0_setup_permissions() convert the panic()
used for error handling to a printk, the caller will already panic if
required.
Fixes: 9c244fdef7e7 ('vpci: add header handlers')
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Rahul Singh <rahul.singh@xxxxxxx>
Tested-by: Rahul Singh <rahul.singh@xxxxxxx>
---
xen/arch/x86/hvm/dom0_build.c | 21 ++++++++++++++-------
xen/drivers/vpci/header.c | 20 ++++++++++++++++++++
2 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c
index a7ae9c3b04..bc0e290db6 100644
--- a/xen/arch/x86/hvm/dom0_build.c
+++ b/xen/arch/x86/hvm/dom0_build.c
@@ -715,13 +715,6 @@ static int __init pvh_setup_cpus(struct domain *d, paddr_t
entry,
return rc;
}
- rc = dom0_setup_permissions(d);
- if ( rc )
- {
- panic("Unable to setup Dom0 permissions: %d\n", rc);
- return rc;
- }
-
update_domain_wallclock_time(d);
v->is_initialised = 1;
@@ -1184,6 +1177,20 @@ int __init dom0_construct_pvh(struct domain *d, const
module_t *image,
printk(XENLOG_INFO "*** Building a PVH Dom%d ***\n", d->domain_id);
+ if ( is_hardware_domain(d) )
+ {
+ /*
+ * Setup permissions early so that calls to add MMIO regions to the
+ * p2m as part of vPCI setup don't fail due to permission checks.
+ */
+ rc = dom0_setup_permissions(d);
+ if ( rc )
+ {
+ printk("%pd unable to setup permissions: %d\n", d, rc);
+ return rc;
+ }
+ }
+
/*
* NB: MMCFG initialization needs to be performed before iommu
* initialization so the iommu code can fetch the MMCFG regions used by the
diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c
index b41556d007..60f7049e34 100644
--- a/xen/drivers/vpci/header.c
+++ b/xen/drivers/vpci/header.c
@@ -17,10 +17,13 @@
* License along with this program; If not, see <http://www.gnu.org/licenses/>.
*/
+#include <xen/iocap.h>
#include <xen/sched.h>
#include <xen/softirq.h>
#include <xen/vpci.h>
+#include <xsm/xsm.h>
+
#include <asm/event.h>
#include <asm/p2m.h>
@@ -43,6 +46,23 @@ static int cf_check map_range(
{
unsigned long size = e - s + 1;
+ if ( !iomem_access_permitted(map->d, s, e) )
+ {
+ printk(XENLOG_G_WARNING
+ "%pd denied access to MMIO range [%#lx, %#lx]\n",
+ map->d, s, e);
+ return -EPERM;
+ }
+
+ rc = xsm_iomem_mapping(XSM_HOOK, map->d, s, e, map->map);
+ if ( rc )
+ {
+ printk(XENLOG_G_WARNING
+ "%pd XSM denied access to MMIO range [%#lx, %#lx]: %d\n",
+ map->d, s, e, rc);
+ return rc;
+ }
+
/*
* ARM TODOs:
* - On ARM whether the memory is prefetchable or not should be passed
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |