[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v4] x86: detect CMOS aliasing on ports other than 0x70/0x71
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Thu, 23 Mar 2023 13:29:59 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EPZNYpOHH6qEu/dMbY21FiK/fmLQ5FXTD27CeN+mPBw=; b=HbDU+Y/eNDMG2PT0BdjdT5RnQJ0ioMo6XneYMISPY7+paSZvr4ARH4bXWV3rH8gN01hgg9mjkRXHA6v4Rf9gxzxDM73APfi7k7Op7x3HTVXR5vw+P+L2m9yVJv8mAcGWiFoX8S4MSA1gQPu/AQr2NazeKV6go3vtlFKFvbVXlNjYdR3amKb7N0umaezuagkhclyl6YngCrflTdTEX9V0l4nT/6bqT6BEWPQK8RQ5DNuFZgBUKlC8Zkg6h8NSzLUMTk4+/VKxmXRyVj3ua1Gov9vdR+ral5FbfDX8eDJsMl6ZfB1i/c3yuVP+86Q3k6J2fziOKtDY1BuqYpKeH/2OJQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YSH6RD9jfyAMxamk6VvjcYVLvCjwDvm3C7RsueDYd1nOjRk9NCxUHsg2iKC68oKDyglmav6z3hrJ09gLm4fZ7DWmb7JeTyDvmWd5dU2OqtEC0OVlHwDLxfsiqQk5X1fIUDHXmLcgY4SxjnEmofPPiJWrg+e8AeYR8StEqotEr4xOceBuKF2yriicpDfJYh252Y7CCo5VOTmQvPwzhojYVuus73p6q9xvToGW+ifrRBi6nda2kUaFEZ6OGP0qPhz9P25VjITl9ry3S74AdOPIV1M5lDJI0Nv90Dt81XoaXaQd/d4hTOaaKGfvdnSYC8GHGEKdLV+Od2QAdqPj+z3LPw==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Thu, 23 Mar 2023 12:30:47 +0000
- Ironport-data: A9a23:YyAyOKuMTozPoAp7TUkygbEeKOfnVGJfMUV32f8akzHdYApBsoF/q tZmKWmAPPnZZGP0c9wla9vn9BsOucfSn9VlSgRqpS5mQ3gR+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4bKj6Fv0gnRkPaoQ5ASEzCFMZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwFW4pREiequiN+7+cV/FeiMsNFfH2M9ZK0p1g5Wmx4fcOZ7nmGv2PyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osgP60aIO9lt+iHK25mm6Co W3L5SLhCwwyP92D0zuVtHmrg4cjmAuiANpCTeHoraQCbFu7/2BKBUcmR0mBhPS3rBSDWst9d Q9E5X97xUQ13AnxJjXnZDW6qnOZuh8XW/JLDvY3rgqKz8L88wufQ2QJUDNFQNgnr9MtAywn0 EeTmNHkDiApt6eaIVqF/6qQhSO/P24SN2BqTTAAZRsI5Z/kuo5bs/7UZtNqEarwgtirHzj1m miOtHJn3+xVitMX3aKm+1yBmyirupXCUg8y4EPQQ36h6QR6IoWiYuRE9GTm0BqJF67BJnHpg ZTOs5L2ADwmZX1VqBGwfQ==
- Ironport-hdrordr: A9a23:RMluk66WH7dpFEv1mQPXwdWCI+orL9Y04lQ7vn2ZFiY5TiXIra qTdaogviMc6Ax/ZJjvo6H4BEDyewK6yXcT2/htAV7CZnidhILMFu1fBOTZsl7d8kHFh4tgPO JbAtND4b7LfCZHZKTBgDVQeuxIqLfnzEnrv5an854Ed3AUV0gK1XYcNu/0KDwReOALP+taKH LKjfA32wZINE5nJvhSQRI+Lpr+juyOsKijTQ8NBhYh5gXLpTS06ITiGxzd8gYCXyhJybIC93 GAtwDi/K2sv9yy1xeZjgbonthrseqk7uEGKN2Hi8ATJDmpogG0ZL55U7nHkCEprPqp4FMKls CJhxs7Jcx8517YY2nwixrw3AvL1ioo9hbZuBKlqEqmhfa8aCMxCsJHi44cWhzF63A4tNU59K 5QxWqWu7deEBuFxU3GlpL1fiAvsnDxjWspkOYVgXAaeYwCaIVJpYha2E9OCp8PEA/z9YhiOu hzC8P34upQbDqhHjvkl1gq5ObpcmU4Hx+ATERHksuJ0wJOlHQ89EcczNx3pAZ2yLsND71/o8 jUOKVhk79DCuUMa7hmOesHScyrTkTQXBPlKgupUBTaPZBCH0iIh4/84b0z6u3vUocP1oEOlJ PIV04dnXIuenjpFdaF0PRwg1HwqV2GLHbQI/xllt1EUuWWfsuuDcTDciFhryKYmYRdPiWBMM zDf66/AJfYXB/T8MhyrkvDsqJpWAojuf0uy6cGsm2107L2w63Rx5rmmaXoVfPQOAdhfF/DKV 0+exW2DPl8zymQKwrFaV7qKjzQRnA=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Wed, Mar 22, 2023 at 10:55:42AM +0100, Jan Beulich wrote:
> On 21.03.2023 15:12, Roger Pau Monné wrote:
> > On Mon, Mar 20, 2023 at 09:32:26AM +0100, Jan Beulich wrote:
> >> ... in order to also intercept Dom0 accesses through the alias ports.
> >
> > I'm trying to get some documentation about this aliasing, but so far I
> > haven't been able to find any. Do you have any references of where I
> > might be able to find it?
>
> I think several ICH datasheet documents mention this. Right now I'm
> looking at the ICH10 one (319973-003), section 13.6.1 ("I/O Register
> Address Map" under "Real Time Clock Registers").
Thanks, I had to fetch this from elsewhere as I haven't been able to
find it on the Intel documentation site, maybe it's too old?
> But such aliasing (really: lack of decoding) has been present on
> various of the low 1024 ports from the very early days of x86. So we
> may want to take care of such elsewhere as well, e.g. for the PIC
> (where aforementioned doc also explicitly mentions the aliases).
I wonder how relevant those aliases are for OSes, do we know of any OS
that uses them?
For example we don't seem to provide them to HVM guests at all, and we
seem to get away with it.
> >> Also stop intercepting accesses to the CMOS ports if we won't ourselves
> >> use the CMOS RTC.
> >
> > Could this create any concerns with the ability to disable NMIs if we
> > no longer filter accesses to the RTC?
>
> Hmm, that's a valid concern, but I'm not sure in how far we need to
> be worried about giving Dom0 this level of control. As long as we
> don't use it ourselves of course (I'm unaware of us using this
> anywhere). If we're worried, we could continue to intercept port
> 0x70 alone, just to mask off the top bit for writes.
I would be mostly worried about dom0 disabling NMI and thus causing
the Xen watchdog to trigger for example. I don't think we should
allow dom0 to disable NMIs at all.
Thanks, Roger.
|