
[xen master] x86: don't allow Dom0 access to port CF9



commit ee3bcf907ac39aed099d6fca41ab3769180d03f0
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Nov 2 10:43:29 2023 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Nov 2 10:43:29 2023 +0100

    x86: don't allow Dom0 access to port CF9
    
    This allows to initiate machine reset, which we don't want to permit
    Dom0 to invoke that way.
    
    While there insert blank lines and convert the sibling PCI config space
    port numbers to upper case, matching style earlier in the function.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/arch/x86/dom0_build.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index 09fb8b063a..5dc5872e38 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -491,8 +491,13 @@ int __init dom0_setup_permissions(struct domain *d)
     /* ACPI PM Timer. */
     if ( pmtmr_ioport )
         rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3);
-    /* PCI configuration space (NB. 0xcf8 has special treatment). */
-    rc |= ioports_deny_access(d, 0xcfc, 0xcff);
+
+    /* Reset control. */
+    rc |= ioports_deny_access(d, 0xCF9, 0xCF9);
+
+    /* PCI configuration space (NB. 0xCF8 has special treatment). */
+    rc |= ioports_deny_access(d, 0xCFC, 0xCFF);
+
 #ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
     {
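Review bot: The new "Reset control." deny of 0xCF9 covers a single byte that sits inside the 4-byte window starting at 0xCF8, yet the comment does not say how a 2- or 4-byte access at 0xCF8, which spans 0xCF9, is expected to behave once this range is denied. The next comment only notes that 0xCF8 "has special treatment", and that treatment is not visible in this hunk. I would expand the comment above `rc |= ioports_deny_access(d, 0xCF9, 0xCF9);` to state whether the intent is to block only byte-wide accesses at 0xCF9 and whether wider accesses beginning at 0xCF8 are still handled by the existing special case. Separately, the upper-casing of 0xcfc/0xcff is a style-only change mixed into a permission change; it would be easier to audit and backport if the functional deny were its own patch.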
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

