Xen project Mailing List

Re: [PATCH v6 04/13] vpci: restrict unhandled read/write operations for guests

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Fri, 4 Feb 2022 14:24:02 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9VOvhtcv7FhQ67RS/6IdCg/8um4grepF7cuEjXpc9HY=; b=drgEkhHrEQYFD66hpikVmX4rBc5pCdtIupP+LG96LAInFi5/mpzfVJ657Sev1I7D4/wqebKKpdU5SQHbxBh4ckFY5Ppx9cpL3VG4CAdWEVKRZ4DWXEatMd5rQcMnMh30V4m97GxtuAf5MR9ORjagNhxPxRYgBgJF++w6H9NkQyhk2WVMcbQgkgw58JGBSsf5VruwbE2PpKBCY22tUgpzKbnKpasiBRfHEM47SOydMwAWBSIkOmhZowgkOU4yENuP4Y8xMnJxN1tUlzNfSS0WId3UqL5u3eQzJnfQSdHR748g/bQJQfF8fE/BPOd5N9qn9MItDWhCEEKnaCTi/fGO4A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UBGvwVQ00on9FXtRQUSLoI8kTDs1+6SmnEt5JfWi00QRcGUtFVp9Mb+DhyxIGuBNbgm5iWprXteHFb7WRsD1ZM73ShYdCrGmzxR+Lp5Onu7Cgg1PVtbVMOplejcGloTlQ2zYXLxNndSCA1uFdR56nrYITlP7+KWgQ1BrWuRM63PenYoVlwth4ILmOAVlCWSuxPjQfJgdOCvNj7ufcYX7ombWdn4qvJGZh/bbs4P5sqECvcuBS+KRpthydKlJwC6g53Rs74pVq6GPVuGnr0JF+wQNX+6Jkgw1iw+S1DyJ7v6h4yCTQz7YNzYyGPNQSBN3VIzcB2xaJKVNNSEWfBEE8g==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "roger.pau@xxxxxxxxxx" <roger.pau@xxxxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 04 Feb 2022 14:24:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHYGZFbf8/6pUr0mUKzbmboCx8QkqyDbvWAgAADnYA=

Thread-topic: [PATCH v6 04/13] vpci: restrict unhandled read/write operations for guests

On 04.02.22 16:11, Jan Beulich wrote: > On 04.02.2022 07:34, Oleksandr Andrushchenko wrote: >> A guest can read and write those registers which are not emulated and >> have no respective vPCI handlers, so it can access the HW directly. > I don't think this describes the present situation. Or did I miss where > devices can actually be exposed to guests already, despite much of the > support logic still missing? No, they are not exposed yet and you know that. I will update the commit message > >> In order to prevent a guest from reads and writes from/to the unhandled >> registers make sure only hardware domain can access HW directly and restrict >> guests from doing so. > Tangential question: Going over the titles of the remaining patches I > notice patch 6 is going to deal with BAR accesses. But (going just > from the titles) I can't spot anywhere that vendor and device IDs > would be exposed to guests. Yet that's the first thing guests will need > in order to actually recognize devices. As said before, allowing guests > access to such r/o fields is quite likely going to be fine. Agree, I was thinking about adding such a patch to allow IDs, but finally decided not to add more to this series. Again, the whole thing is not working yet and for the development this patch can/needs to be reverted. So, either we implement IDs or not this doesn't change anything with this respect > >> --- a/xen/drivers/vpci/vpci.c >> +++ b/xen/drivers/vpci/vpci.c >> @@ -215,11 +215,15 @@ int vpci_remove_register(struct vpci *vpci, unsigned >> int offset, >> } >> >> /* Wrappers for performing reads/writes to the underlying hardware. */ >> -static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned int reg, >> +static uint32_t vpci_read_hw(bool is_hwdom, pci_sbdf_t sbdf, unsigned int >> reg, >> unsigned int size) > Was the passing around of a boolean the consensus which was reached? Was this patch committed yet? > Personally I'd fine it more natural if the two functions checked > current->domain themselves. This is also possible, but I would like to hear Roger's view on this as well I am fine either way > > Jan > Thank you, Oleksandr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.