[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 7/7] x86: don't allow Dom0 access to ELCR ports
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Thu, 11 May 2023 14:08:09 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=G+zqZGPqfnT5MVrIi37WQFaIf6fuLMsYpLckidDxeS8=; b=j8PqPPaOhWr9n9lovQd0CVjd0QwrMmCRNxnOLj7+qF//i8k7Lj/923RH+TuGwzWNOHRcnHSDyAqr3N23gv1F9h5eoyE23VhESUvQMoCorGZv3HPzjI6O6dY558MvmJruEWC1v64IEyRcI3IQqa89EE7hikq0dwqAWKR6JW07yDktb3o3JIjMp7Dz0gcNhE0INtRJDwEdApiaxAuRfHxSuKJTLZs3E74THuK4qA3vE7UT1Q20t2fQmb/bk0D4I0goo+shSDkQSaItFwwLursLwDhxWvo7jEPGVjRByaJbZL6+Gv3t8hPDQlJHnICBcNXhirkf5nd3KHAQrnZXOubN8w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GRsdVBXLWggBdeJz9wDXs/c0bpNMEwVxqf8eD7b4kYCdKfyYjJWtNgah0v7RcR+bMpp0KdpJch5HhN2wEUtIxbfbdy1WoObqG2oCiPbCijkScVfqdjRrFUbtIcKYlNb0UeMulNIr7GGwP/omCd7VuhkSBbCqx0dWX3YdJStlIIJntzS/sp2GEtbXX0AUMaCcHqyhazEYU+BQ7rtBoKLjxwNyQV1iyoTzo/Jp4VUw/Lp1dNF/sVQNW4T4Trsa0EdA10DGCAFpF77VTwosQeNAKmGDuoU6K1mPkHlvWNeIQuU/SCr/YSuUwkZlg7vRtHQyKnqmwDayj4XPPbgXNnM96g==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Thu, 11 May 2023 12:08:16 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Much like the other PIC ports, Dom0 has no business touching these. Even
our own uses are somewhat questionable, as the corresponding IO-APIC
code in Linux is enclosed in a CONFIG_EISA conditional; I don't think
there are any x86-64 EISA systems.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
RFC: For Linux'es (matching our) construct_default_ioirq_mptable() we
may need to permit read access at least for PVH, if such default
table construction is assumed to be sensible there in the first
place (we assume ACPI and no PIC for PVH Dom0, after all).
RFC: Linux further has ACPI boot code accessing ELCR
(acpi_pic_sci_set_trigger() and acpi_register_gsi_pic()), which we
have no equivalent of.
Taken together, perhaps the hiding needs to be limited to PVH Dom0?
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -503,6 +503,9 @@ int __init dom0_setup_permissions(struct
rc |= ioports_deny_access(d, 0xA0 + offs, 0xA1 + offs);
}
+ /* ELCR of both PICs. */
+ rc |= ioports_deny_access(d, 0x4D0, 0x4D1);
+
/* Interval Timer (PIT). */
for ( offs = 0, i = pit_alias_mask & -pit_alias_mask ?: 4;
offs <= pit_alias_mask; offs += i )
|