Xen project Mailing List

Re: [PATCH for-4.17 v2 4/5] pci: do not disable memory decoding for devices

To: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Wed, 26 Oct 2022 14:35:44 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nD8Ce0/dRHbCANyucPc8SVsJyQwfDzrQc1UcfGfRc3k=; b=WsgPVDnDRglO1AjRlHXdPZfq3fRM+Skzs/yDZH0UunEN4FN4n9IpX6txtKklK72np+ldXklrRJjl3EyJP6QCij1NBDC0Vl5qvRd4dlJ2Za70O4kFk7O867+IwbJidBg8lPLuplnhSr2tCT5UrYCkorJXEfW5wXYJQoD/TtOzpe/OSTrMch1YzUHJaY6eKnFcIbd7aJSUoTfgFE58SCniCvVKuLHNneD5RP3dP8yRuGeuAlx4tUAz80T/lvYSUVVwqpI4vYD8BQKbCBFw03aDtI2R7dBdm6Nrk+pjYdZuF83yGi2gxnpC1O2zhXZ1a2EkOXKzdZxmZU5RZ/japMAFiA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XUTS0clZ+C0WCbhjkylh+bosqPCaX48bf+Yg68Lh01luC//nN1MdP+0R9NDvgUVdB5m0EFCMnRaOQw1Ms/syP5mbeS/OgzUjEzIYoyASiGrIuOqtubsL5BeK9/5BZMQc8Tpnpy430qQJD+J3TNqczcbuC6j112GMbUkzf9KBe6jeRNqcBeNjxOx0PKZjupGYIgVBHlm0Fgsv/oc3ajefpCjkLZ+EAHIGUFIkRX602PPCNCbKj9436AN40DsmQtKbBqETBBmEd1xvMBjaEcL8GDnPqcZ0JmDHbaawdp3piF/Ij+GPUYVOj5ce/x0G5HWzS0mvISrBkGVOt292RlWJGQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Henry.Wang@xxxxxxx, Paul Durrant <paul@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Wed, 26 Oct 2022 12:36:05 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 25.10.2022 16:44, Roger Pau Monne wrote: > --- a/xen/drivers/vpci/header.c > +++ b/xen/drivers/vpci/header.c > @@ -121,7 +121,9 @@ static void modify_decoding(const struct pci_dev *pdev, > uint16_t cmd, > } > > if ( !rom_only && > - (bar->type != VPCI_BAR_ROM || header->rom_enabled) ) > + (bar->type != VPCI_BAR_ROM || header->rom_enabled) && > + pci_check_bar(pdev, _mfn(PFN_DOWN(bar->addr)), > + _mfn(PFN_DOWN(bar->addr + bar->size - 1))) ) > bar->enabled = map; > } What about the ROM handling immediately above from here? > @@ -234,9 +236,25 @@ static int modify_bars(const struct pci_dev *pdev, > uint16_t cmd, bool rom_only) > > if ( !MAPPABLE_BAR(bar) || > (rom_only ? bar->type != VPCI_BAR_ROM > - : (bar->type == VPCI_BAR_ROM && > !header->rom_enabled)) ) > + : (bar->type == VPCI_BAR_ROM && > !header->rom_enabled)) || > + /* Skip BARs already in the requested state. */ > + bar->enabled == !!(cmd & PCI_COMMAND_MEMORY) ) > continue; > > + /* > + * Only do BAR position checks for the hardware domain, for guests > it's > + * assumed that the hardware domain has changed the position of any > + * problematic BARs. > + */ > + if ( is_hardware_domain(pdev->domain) && > + !pci_check_bar(pdev, _mfn(start), _mfn(end)) ) > + { > + printk(XENLOG_G_WARNING > + "%pp: not mapping BAR [%lx, %lx] invalid position\n", > + &pdev->sbdf, start, end); > + continue; > + } I'm not convinced of it being appropriate to skip the check for DomU. I'd rather consider this a "fixme", as (perhaps somewhere else) we should return an error if a misconfigured device was passed. We cannot blindly leave the security of the system to tool stack + Dom0 kernel imo. And then, if this is Dom0-only, I think it wants to be XENLOG_WARNING, i.e. without the G infix. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.