
Re: [PATCH v2 2/6] x86/P2M: relax permissions of PVH Dom0's MMIO entries


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 6 Sep 2021 16:48:07 +0100
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Mon, 06 Sep 2021 15:48:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/09/2021 09:33, Jan Beulich wrote:
> To become independent of the sequence of mapping operations, permit
> "access" to accumulate for Dom0, noting that there's not going to be an
> introspection agent for it which this might interfere with. While e.g.
> ideally only ROM regions would get mapped with X set, getting there is
> quite a bit of work.

?

That's literally the opposite of what needs to happen to fix this bug. 
Introspection is the only interface which should be restricting X
permissions.

>  Plus the use of p2m_access_* here is abusive in the
> first place.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> v2: Split off from original patch.
>
> --- a/xen/arch/x86/mm/p2m.c
> +++ b/xen/arch/x86/mm/p2m.c
> @@ -1319,6 +1319,18 @@ static int set_typed_p2m_entry(struct do
>              return -EPERM;
>          }
>  
> +        /*
> +         * Gross bodge, to go away again rather sooner than later:
> +         *
> +         * For MMIO allow access permissions to accumulate, but only for 
> Dom0.
> +         * Since set_identity_p2m_entry() and set_mmio_p2m_entry() differ in
> +         * the way they specify "access", this will allow the ultimate result
> +         * be independent of the sequence of operations.

"result to be"

~Andrew

> +         */
> +        if ( is_hardware_domain(d) && gfn_p2mt == p2m_mmio_direct &&
> +             access <= p2m_access_rwx && a <= p2m_access_rwx )
> +            access |= a;
> +
>          if ( access == a )
>          {
>              gfn_unlock(p2m, gfn, order);
>
>
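
Review bot: The `access |= a` at the end of the added block only produces a meaningful permission if every p2m_access_* value at or below p2m_access_rwx is a pure combination of r/w/x bits, which the two `<= p2m_access_rwx` bounds assume but neither the code nor the comment states. A sentence to that effect in the comment, or a build-time check on the enum encoding, would keep a later reordering of the enum from silently changing what accumulates. The comment also says "only for Dom0" while the condition tests is_hardware_domain(d); the wording should match the check.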




 

