
[PATCH 1/7] x86: don't allow Dom0 access to port CF9


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 11 May 2023 14:05:11 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Thu, 11 May 2023 12:05:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This allows initiating machine reset, which we don't want to permit
Dom0 to invoke that way.

While there, insert blank lines and convert the sibling PCI config space
port numbers to upper case, matching style earlier in the function.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -503,8 +503,13 @@ int __init dom0_setup_permissions(struct
     /* ACPI PM Timer. */
     if ( pmtmr_ioport )
         rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3);
-    /* PCI configuration space (NB. 0xcf8 has special treatment). */
-    rc |= ioports_deny_access(d, 0xcfc, 0xcff);
+
+    /* Reset control. */
+    rc |= ioports_deny_access(d, 0xCF9, 0xCF9);
+
+    /* PCI configuration space (NB. 0xCF8 has special treatment). */
+    rc |= ioports_deny_access(d, 0xCFC, 0xCFF);
+
 #ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
     {
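
Review bot: the new ioports_deny_access(d, 0xCF9, 0xCF9) call denies only the single byte port, yet 0xCF9 lies inside the dword that starts at 0xCF8, which the following comment says "has special treatment". Nothing visible in this hunk shows whether a 2- or 4-byte access beginning at 0xCF8 is checked against the 0xCF9 denial or is handled entirely by that special path. Please state in the commit message or in the "Reset control." comment how wider accesses overlapping 0xCF9 are covered, so a reader can confirm the reset register is unreachable from Dom0 at every access width. The comment could also say that this is the port the commit message describes as initiating machine reset, since "Reset control." alone does not explain why it is denied.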
