Xen project Mailing List

[PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01]

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Thu, 11 May 2023 14:06:46 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rthJQS7crBKjl3ZFrOs6SFetUwu0mLQJ0JboEF0Txzg=; b=LKxZ3wFOrPdP/8LXdsJSK9EtYo9p3h03s44LSJFMXoSInx+Ts5c1pyR7eClW3+DN379bJpS5fZuxyZMZNb6GTcZwJ85Rq9P0TrB8+hlcsaWVLLBoBm0Rw2ypNqmxb3g4P3ipJDVCK8yeXNvl2OWy8aFhvCSZu8m7S6q0lCO8cKv+YxwRMpUVtKbkIlQI7Fw/r7c//7QZlEjGaR06keefI2OX+EfONJ8hzLFmt79Z0TedxSiQDi+I2rx5ccTm6KwsF3xvcEwqOCbH5WKVA8lbC7r+RnUm0iOn/BDERgROHZJKLjPD23yfmsvhb2UUQq8NPsqaNJ5I/hM6b+s8WdZNNQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i5Wgd725Hb5qq7bRrYHcOI4VKkdQuVNrO+SV8QoMAL50eW87DCuI/gtADXKGo0bsTw+LFtDeAJixHJhdxmBjNN3mMPZ83McpxKmt1orn9F8TmSDZP6SuZqMIsIom+TfN9uLMtI2ernXBFv7b4jeIMdFAZwK3yYzDYA5CwmvCJ9mc2NjoiRD16Q70vUSyxvI8H8yS27/GjqKd4FncQN0upa/6FmIe3Y+kJ1h1iqbHCwC8HbTeFZ9QUh3KH2ZAVdl1bQFtSAiVX61BzYQv7rvyP6n/DSbItfsIhqjqxStjjB0SvUBsvhcqnm2uPYdSghO+n9dKey986et2h3uCn0nnSQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Thu, 11 May 2023 12:07:03 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

... in order to also deny Dom0 access through the alias ports. Without this it is only giving the impression of denying access to both PICs. Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal operation later on. Like for CMOS/RTC a fundamental assumption of the probing is that reads from the probed alias port won't have side effects in case it does not alias the respective PIC's one. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -479,7 +479,7 @@ static void __init process_dom0_ioports_ int __init dom0_setup_permissions(struct domain *d) { unsigned long mfn; - unsigned int i; + unsigned int i, offs; int rc; if ( pv_shim ) @@ -492,10 +492,17 @@ int __init dom0_setup_permissions(struct /* Modify I/O port access permissions. */ - /* Master Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0x20, 0x21); - /* Slave Interrupt Controller (PIC). */ - rc |= ioports_deny_access(d, 0xA0, 0xA1); + for ( offs = 0, i = pic_alias_mask & -pic_alias_mask ?: 2; + offs <= pic_alias_mask; offs += i ) + { + if ( offs & ~pic_alias_mask ) + continue; + /* Master Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0x20 + offs, 0x21 + offs); + /* Slave Interrupt Controller (PIC). */ + rc |= ioports_deny_access(d, 0xA0 + offs, 0xA1 + offs); + } + /* Interval Timer (PIT). */ rc |= ioports_deny_access(d, 0x40, 0x43); /* PIT Channel 2 / PC Speaker Control. */ --- a/xen/arch/x86/i8259.c +++ b/xen/arch/x86/i8259.c @@ -19,6 +19,7 @@ #include <xen/delay.h> #include <asm/apic.h> #include <asm/asm_defns.h> +#include <asm/setup.h> #include <io_ports.h> #include <irq_vectors.h> @@ -332,6 +333,55 @@ void __init make_8259A_irq(unsigned int irq_to_desc(irq)->handler = &i8259A_irq_type; } +unsigned int __initdata pic_alias_mask; + +static void __init probe_pic_alias(void) +{ + unsigned int mask = 0x1e; + uint8_t val = 0; + + /* + * The only properly r/w register is OCW1. While keeping the master + * fully masked (thus also masking anything coming through the slave), + * write all possible 256 values to the slave's base port, and check + * whether the same value can then be read back through any of the + * possible alias ports. Probing just the slave of course builds on the + * assumption that aliasing is identical for master and slave. + */ + + outb(0xff, 0x21); /* Fully mask master. */ + + do { + unsigned int offs; + + outb(val, 0xa1); + + /* Try to make sure we're actually having a PIC here. */ + if ( inb(0xa1) != val ) + { + mask = 0; + break; + } + + for ( offs = mask & -mask; offs <= mask; offs <<= 1 ) + { + if ( !(mask & offs) ) + continue; + if ( inb(0xa1 + offs) != val ) + mask &= ~offs; + } + } while ( mask && (val += 0x0d) ); /* Arbitrary uneven number. */ + + outb(cached_A1, 0xa1); /* Restore slave IRQ mask. */ + outb(cached_21, 0x21); /* Restore master IRQ mask. */ + + if ( mask ) + { + dprintk(XENLOG_INFO, "PIC aliasing mask: %02x\n", mask); + pic_alias_mask = mask; + } +} + static struct irqaction __read_mostly cascade = { no_action, "cascade", NULL}; void __init init_IRQ(void) @@ -342,6 +392,8 @@ void __init init_IRQ(void) init_8259A(0); + probe_pic_alias(); + for (irq = 0; platform_legacy_irq(irq); irq++) { struct irq_desc *desc = irq_to_desc(irq); --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -52,6 +52,8 @@ extern uint8_t kbd_shift_flags; extern unsigned long highmem_start; #endif +extern unsigned int pic_alias_mask; + extern int8_t opt_smt; #ifdef CONFIG_SHADOW_PAGING

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.