[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [RFC XEN PATCH v4 08/41] xen/pmem: hide NFIT and deny access to PMEM from Dom0

... to avoid the inference with the PMEM driver and management
utilities in Dom0.

Signed-off-by: Haozhong Zhang <haozhong.zhang@xxxxxxxxx>
---
Cc: Jan Beulich <jbeulich@xxxxxxxx>
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Cc: Tim Deegan <tim@xxxxxxx>
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>
Cc: Gang Wei <gang.wei@xxxxxxxxx>
Cc: Shane Wang <shane.wang@xxxxxxxxx>
---
 xen/arch/x86/acpi/power.c |  7 +++++++
 xen/arch/x86/dom0_build.c |  5 +++++
 xen/arch/x86/shutdown.c   |  3 +++
 xen/arch/x86/tboot.c      |  4 ++++
 xen/common/kexec.c        |  3 +++
 xen/common/pmem.c         | 21 +++++++++++++++++++++
 xen/drivers/acpi/nfit.c   | 21 +++++++++++++++++++++
 xen/include/xen/acpi.h    |  2 ++
 xen/include/xen/pmem.h    | 13 +++++++++++++
 9 files changed, 79 insertions(+)

diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
index 1e4e5680a7..d135715a49 100644
--- a/xen/arch/x86/acpi/power.c
+++ b/xen/arch/x86/acpi/power.c
@@ -178,6 +178,10 @@ static int enter_state(u32 state)
 
     freeze_domains();
 
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_reinstate();
+#endif
+
     acpi_dmar_reinstate();
 
     if ( (error = disable_nonboot_cpus()) )
@@ -260,6 +264,9 @@ static int enter_state(u32 state)
     mtrr_aps_sync_end();
     adjust_vtd_irq_affinities();
     acpi_dmar_zap();
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_zap();
+#endif
     thaw_domains();
     system_state = SYS_STATE_active;
     spin_unlock(&pm_lock);
diff --git a/xen/arch/x86/dom0_build.c b/xen/arch/x86/dom0_build.c
index bf992fef6d..3e4be7c571 100644
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -8,6 +8,7 @@
 #include <xen/iocap.h>
 #include <xen/libelf.h>
 #include <xen/pfn.h>
+#include <xen/pmem.h>
 #include <xen/sched.h>
 #include <xen/sched-if.h>
 #include <xen/softirq.h>
@@ -458,6 +459,10 @@ int __init dom0_setup_permissions(struct domain *d)
             rc |= rangeset_add_singleton(mmio_ro_ranges, mfn);
     }
 
+#ifdef CONFIG_NVDIMM_PMEM
+    rc |= pmem_dom0_setup_permission(d);
+#endif
+
     return rc;
 }
 
diff --git a/xen/arch/x86/shutdown.c b/xen/arch/x86/shutdown.c
index a87aa60add..1902dfe73e 100644
--- a/xen/arch/x86/shutdown.c
+++ b/xen/arch/x86/shutdown.c
@@ -550,6 +550,9 @@ void machine_restart(unsigned int delay_millisecs)
 
     if ( tboot_in_measured_env() )
     {
+#ifdef CONFIG_NVDIMM_PMEM
+        acpi_nfit_reinstate();
+#endif
         acpi_dmar_reinstate();
         tboot_shutdown(TB_SHUTDOWN_REBOOT);
     }
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index 59d7c477f4..24e3b81ff1 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -488,6 +488,10 @@ int __init tboot_parse_dmar_table(acpi_table_handler 
dmar_handler)
     /* but dom0 will read real table, so must zap it there too */
     acpi_dmar_zap();
 
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_zap();
+#endif
+
     return rc;
 }
 
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index c14cbb2b9c..8e9ea131e3 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -366,6 +366,9 @@ static int kexec_common_shutdown(void)
     watchdog_disable();
     console_start_sync();
     spin_debug_disable();
+#ifdef CONFIG_NVDIMM_PMEM
+    acpi_nfit_reinstate();
+#endif
     acpi_dmar_reinstate();
 
     return 0;
diff --git a/xen/common/pmem.c b/xen/common/pmem.c
index aa0a1d166d..699f8a3322 100644
--- a/xen/common/pmem.c
+++ b/xen/common/pmem.c
@@ -18,6 +18,8 @@
 
 #include <xen/errno.h>
 #include <xen/list.h>
+#include <xen/iocap.h>
+#include <xen/paging.h>
 #include <xen/pmem.h>
 
 /*
@@ -120,3 +122,22 @@ int pmem_register(unsigned long smfn, unsigned long emfn, 
unsigned int pxm)
 
     return rc;
 }
+
+#ifdef CONFIG_X86
+
+int __init pmem_dom0_setup_permission(struct domain *d)
+{
+    struct list_head *cur;
+    struct pmem *pmem;
+    int rc = 0;
+
+    list_for_each(cur, &pmem_raw_regions)
+    {
+        pmem = list_entry(cur, struct pmem, link);
+        rc |= iomem_deny_access(d, pmem->smfn, pmem->emfn - 1);
+    }
+
+    return rc;
+}
+
+#endif /* CONFIG_X86 */
diff --git a/xen/drivers/acpi/nfit.c b/xen/drivers/acpi/nfit.c
index 6f85d4d911..e15d47b352 100644
--- a/xen/drivers/acpi/nfit.c
+++ b/xen/drivers/acpi/nfit.c
@@ -202,6 +202,24 @@ static void __init acpi_nfit_register_pmem(struct 
acpi_nfit_desc *desc)
     }
 }
 
+void acpi_nfit_zap(void)
+{
+    uint32_t sig = 0x4e494654; /* "TFIN" */
+
+    if ( nfit_desc.acpi_table )
+        write_atomic((uint32_t *)&nfit_desc.acpi_table->header.signature[0],
+                     sig);
+}
+
+void acpi_nfit_reinstate(void)
+{
+    uint32_t sig = 0x5449464e; /* "NFIT" */
+
+    if ( nfit_desc.acpi_table )
+        write_atomic((uint32_t *)&nfit_desc.acpi_table->header.signature[0],
+                     sig);
+}
+
 void __init acpi_nfit_boot_init(void)
 {
     acpi_status status;
@@ -216,6 +234,9 @@ void __init acpi_nfit_boot_init(void)
     map_pages_to_xen((unsigned long)nfit_desc.acpi_table, PFN_DOWN(nfit_addr),
                      PFN_UP(nfit_addr + nfit_len) - PFN_DOWN(nfit_addr),
                      PAGE_HYPERVISOR);
+
+    /* Hide NFIT from Dom0. */
+    acpi_nfit_zap();
 }
 
 void __init acpi_nfit_init(void)
diff --git a/xen/include/xen/acpi.h b/xen/include/xen/acpi.h
index 088f01255d..77188193d0 100644
--- a/xen/include/xen/acpi.h
+++ b/xen/include/xen/acpi.h
@@ -186,6 +186,8 @@ bool acpi_nfit_boot_search_pmem(unsigned long smfn, 
unsigned long emfn,
                                 unsigned long *ret_smfn,
                                 unsigned long *ret_emfn);
 void acpi_nfit_init(void);
+void acpi_nfit_zap(void);
+void acpi_nfit_reinstate(void);
 #endif /* CONFIG_NVDIMM_PMEM */
 
 #endif /*_LINUX_ACPI_H*/
diff --git a/xen/include/xen/pmem.h b/xen/include/xen/pmem.h
index 41cb9bb04f..d5bd54ff19 100644
--- a/xen/include/xen/pmem.h
+++ b/xen/include/xen/pmem.h
@@ -24,5 +24,18 @@
 
 int pmem_register(unsigned long smfn, unsigned long emfn, unsigned int pxm);
 
+#ifdef CONFIG_X86
+
+int pmem_dom0_setup_permission(struct domain *d);
+
+#else /* !CONFIG_X86 */
+
+static inline int pmem_dom0_setup_permission(...)
+{
+    return -ENOSYS;
+}
+
+#endif /* CONFIG_X86 */
+
 #endif /* CONFIG_NVDIMM_PMEM */
 #endif /* __XEN_PMEM_H__ */
-- 
2.15.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.