[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 1/6] x86/P2M: relax guarding of MMIO entries


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 2 Sep 2021 10:32:10 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=FuErrn7dPOKk18p14Eqqw0Ug5qQHJVZRhPNfvjkAXCc=; b=QqHhhd6RNunR/gm9IEcERf6hsRrZ91u49seIlwSyduy/tgvlyY9L98qBJVFOaKS2JIEkvEVJiHfmWBnqArM4yK+Er4Ub9eTn/0mjgKStW7AHEhberdHR3XraM6cmUPuPDDY5LA60qLszeodZqMhtpmwxNc3jxslCrWbMBOcthES5KwTbsp0FasEx46tvfPRR98w98OITl+F8utSupwpVPSU0F16swNPILpDJANAg4OWbzi3nyGUDGTmnTRj6f/4DYl/OHhXBaZ9cX9F8MEePiYiaDxRbw7anKMMu+X2BXdGq2b+RyJpR65p9rzVg551Kinho6UJrzSn8V71iiDGL6w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=esop9D2vOOSfKjxkqZ2QTy/dXVlj+3dCmsXtOrdkgM9Xd04dHZP1kfcLV5luhYvDUSA5pF8SG+oBfVk/uAmFTICChATsNPEZKNpCCALNnzQYiGYIOyWeMAYGoWFE77PGivScaWBk2vEil2SkqeE/wKZh+7T732+gtWPwfT/zkQwWVmxAP/CYHtsN/br42smHMGCieMO85HTfiReerk8mqA0rDKxSpDeO0khv8QJC0OcUk6K4gJtr+iQboeXhNsRb4ua2vggiPVpcmnx4vMnkw1CwRGbuQy+Mf1kWvp9r5Nvbp8Orom/+IDXPWSg3I5ySyqza17cEG5VAW3EQxqFlDw==
  • Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Thu, 02 Sep 2021 08:32:20 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

One of the changes comprising the fixes for XSA-378 disallows replacing
MMIO mappings by code paths not intended for this purpose. At least in
the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region,
this is too strict. Generally short-circuit requests establishing the
same kind of mapping that's already in place, while otherwise adjusting
permissions without - as before - allowing MFN or type to change.

While there, also add a log message to the other domain_crash()
invocation that did prevent PVH Dom0 from coming up after the XSA-378
changes.

Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries")
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
I may have gone too far by allowing "access" to change for all special
types now.
---
v2: Format string and comment adjustments. Split off access
    accumulation.

--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -958,9 +958,13 @@ guest_physmap_add_entry(struct domain *d
         if ( p2m_is_special(ot) )
         {
             /* Don't permit unmapping grant/foreign/direct-MMIO this way. */
-            domain_crash(d);
             p2m_unlock(p2m);
-            
+            printk(XENLOG_G_ERR
+                   "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not 
permitted\n",
+                   d, gfn_x(gfn) + i,
+                   mfn_x(omfn), ot, a,
+                   mfn_x(mfn) + i, t, p2m->default_access);
+            domain_crash(d);
             return -EPERM;
         }
         else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
@@ -1302,9 +1306,24 @@ static int set_typed_p2m_entry(struct do
     }
     if ( p2m_is_special(ot) )
     {
-        gfn_unlock(p2m, gfn, order);
-        domain_crash(d);
-        return -EPERM;
+        /* Special-case (almost) identical mappings. */
+        if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot )
+        {
+            gfn_unlock(p2m, gfn, order);
+            printk(XENLOG_G_ERR
+                   "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not 
permitted\n",
+                   d, gfn_l,
+                   mfn_x(omfn), cur_order, ot, a,
+                   mfn_x(mfn), order, gfn_p2mt, access);
+            domain_crash(d);
+            return -EPERM;
+        }
+
+        if ( access == a )
+        {
+            gfn_unlock(p2m, gfn, order);
+            return 0;
+        }
     }
     else if ( p2m_is_ram(ot) )
     {




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.