[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 4/6] vpci: restrict unhandled read/write operations for guests
- To: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Fri, 17 Mar 2023 09:37:28 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3FpPXZMCHVJOCib70klz0c/5VZXO7Wnp1cmr/VKjJuM=; b=QRrE4q40Wd0cTE0/E4s1ukURofB+fqkj+5inRiOn66fmROtrFRbGxBvQkL/PXZlIUiuCPR9NXuXqVdygQ1Rx6hRv8i1ufvOiQOQg+frA0UCQGxXiM4wnYbdTkeVbmZmRSesX38t8/9Y5IP4X8exCVHmkCsIQOmt+3L6TYYwk7i3yEyMxJO7Yytyn3BB2XLrTgGSlDhML86dI0k+qgEx2RrDPoCMB6fGcmilf+hJ3fQVnLMiIlfSunlosVtcrnY8jkCFJb83oMfVBUFdeo2H6fXzXZUK0H/WANROTEXV+JRa+v8BQ8a5JWmnnyJ8Jyk9dG/bq2wCyKqlPpO0HjH022w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T3YB8cR+vVT7YtyDOQdVtsoQlkOTpNJ7mSzBp9ngV1P1jnV6R43T05y92wFbYHzcNa5xFOXQn04mL7M2honowyGyzfeJnzTGIoYnGUIAB6hRrscETKJWP6PWpi1U4zJQILRXSxd3mgkUeF9tzPEZT0tfQISC08WzZbjHc20TnzwK2ciRa9SuX8gES3ElTwiLHYbxalVZEnUYf+jiE3hg9cuBZtiXUlcpWPifuyiVTMeK3jpOALFwAgmK/SVX6mKodmOdb6OCnD411GsYZvlXrCLsErv8pMctKqyw0RuGXj5nPuyYw/8rTl9ZvRlMS7EISRFgjYhTvvPVhprcOKqdzQ==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>
- Delivery-date: Fri, 17 Mar 2023 08:38:17 +0000
- Ironport-data: A9a23:WVeC7K0FqaN5Hep/vPbD5RRwkn2cJEfYwER7XKvMYLTBsI5bp2dTm zcZW2jXPviIYjGnLdp1Pdy/80kHsZ/cx4JkSVA4pC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefTAOK6ULWeUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8tuTS+HuDgNyo4GlD5gdnOqgS1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfKn9Xp KIUIgI3aRWu3bmc5b2ecrU2mZF2RCXrFNt3VnBI6xj8VaxjbbWYBqLA6JlfwSs6gd1IEbDGf c0FZDFzbRPGJRpSJlMQD5F4l+Ct7pX9W2QA9BTJ+uxqvS6PkWSd05C0WDbRUsaNSshP2F6Ru 0rN/njjAwFcP9uaodaA2iv03bGSwXOqAur+EpWGx/4xunCR41cKSycyfF+wm8Kdp0ihDoc3x 0s8v3BGQbIJ3HKsSt7xThipukmutxQXW8dTO+Ai4QTLwa3Riy6JC25BQjNfZdgOsM4tWSdsx lKPh8nuBzFkrPuSU3313pCQoDCpMC4ZN1grYyMeUBAF6NnupoI0ph/XR9MlG6mw5uAZAhn1y jGO6SQ73LMaiJZR073hpQyaxTWxupLOUwg5oB3NWX6o5R94Y4jjYJG07V/c7rBLK4PxokS9g UXoUvO2tIgmZaxhXgTRGo3hwJnBCy65DQDh
- Ironport-hdrordr: A9a23:XYg0ZaCUKqReGpzlHela55DYdb4zR+YMi2TDt3oddfWaSKylfq GV7ZImPHrP4gr5N0tOpTntAse9qDbnhPxICOoqTNCftWvdyQiVxehZhOOP/9SjIVyaygc078 xdmsNFebnN5DZB7PoT4GODYqkdKNvsytHXuQ8JpU0dPD2DaMtbnndE4h7wKDwOeOHfb6BJaa Z14KB81kKdUEVSVOuXLF8fUdPOotXa/aiWHSLvV3YcmXKzZSrD0s+BLySl
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Mar 14, 2023 at 08:56:30PM +0000, Volodymyr Babchuk wrote:
> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
>
> A guest would be able to read and write those registers which are not
> emulated and have no respective vPCI handlers, so it will be possible
> for it to access the hardware directly.
> In order to prevent a guest from reads and writes from/to the unhandled
> registers make sure only hardware domain can access the hardware directly
> and restrict guests from doing so.
>
> Suggested-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
>
> ---
>
> v3:
> - No changes
>
> Older comments from another series:
>
> Since v6:
> - do not use is_hwdom parameter for vpci_{read|write}_hw and use
> current->domain internally
> - update commit message
> New in v6
> Moved into another series
> ---
> xen/drivers/vpci/vpci.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
> index 5232f9605b..199ff55672 100644
> --- a/xen/drivers/vpci/vpci.c
> +++ b/xen/drivers/vpci/vpci.c
> @@ -220,6 +220,10 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned
> int reg,
> {
> uint32_t data;
>
> + /* Guest domains are not allowed to read real hardware. */
> + if ( !is_hardware_domain(current->domain) )
> + return ~(uint32_t)0;
> +
> switch ( size )
> {
> case 4:
> @@ -260,9 +264,13 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned
> int reg,
> return data;
> }
>
> -static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, unsigned int
> size,
> - uint32_t data)
> +static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg,
> + unsigned int size, uint32_t data)
Unrelated change? The parameter list doesn't go over 80 characters so
this rearranging is not necessary, and in any case should be done in a
separate commit or at least mentioned in the commit log.
> {
> + /* Guest domains are not allowed to write real hardware. */
I would maybe write this as:
"Unprivileged domain are not allowed unhandled accesses to the config
space."
But that's mostly a nit, and would also apply to the comment in
vpci_read_hw().
Thanks, Roger.
|
