
[xen master] x86/PVH: deny Dom0 access to the ISA DMA controller



commit 306e3dc919211f1b24b6261f767e2436a98ab818
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Nov 2 10:44:46 2023 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Nov 2 10:44:46 2023 +0100

    x86/PVH: deny Dom0 access to the ISA DMA controller
    
    Unlike PV, a PVH Dom0 has no sensible way of driving the address and
    page registers correctly, as it would need to translate guest physical
    addresses to host ones. Rather than allowing data corruption to occur
    from e.g. the use of a legacy floppy drive, disallow access altogether.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/arch/x86/dom0_build.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index c31afc734f..640e666685 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -505,6 +505,13 @@ int __init dom0_setup_permissions(struct domain *d)
 #ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
     {
+        /* ISA DMA controller, channels 0-3 (incl possible aliases). */
+        rc |= ioports_deny_access(d, 0x00, 0x1F);
+        /* ISA DMA controller, page registers (incl various reserved ones). */
+        rc |= ioports_deny_access(d, 0x80 + !!hvm_port80_allowed, 0x8F);
+        /* ISA DMA controller, channels 4-7 (incl usual aliases). */
+        rc |= ioports_deny_access(d, 0xC0, 0xDF);
+
         /* HVM debug console IO port. */
         rc |= ioports_deny_access(d, XEN_HVM_DEBUGCONS_IOPORT,
                                   XEN_HVM_DEBUGCONS_IOPORT);
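
Review bot: the page-register line `rc |= ioports_deny_access(d, 0x80 + !!hvm_port80_allowed, 0x8F);` starts the denied range at 0x81 whenever `hvm_port80_allowed` is set, yet the comment above it only mentions "various reserved ones" and says nothing about port 0x80 being left out. Please extend that comment to state that 0x80 is excluded from the deny range in that case and why, so that someone auditing Dom0's I/O port permissions does not read the range as the full 0x80-0x8F block. Spelling the start port out as a conditional rather than adding `!!hvm_port80_allowed` to the constant would also make the intent easier to see at a glance.
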
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

