[PATCH 6/7] x86: don't allow Dom0 (direct) access to port F0
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Thu, 11 May 2023 14:07:40 +0200
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Thu, 11 May 2023 12:17:49 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
This controls the driving of IGNNE# (if such emulation is enabled in
hardware), and hence would need proper handling in the hypervisor to be
safe to use by Dom0 (and fully emulating for PVH/HVM DomU-s).
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
RFC: Really this disabling of access would want to be conditional upon
the functionality actually being enabled. For AMD this looks to be
uniformly HWCR[8], but for Intel this is chipset-specific.
Port F1 (and perhaps also further ones up to FF) ought to be applicable
to external coprocessors only, and hence are left alone here.
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -515,6 +515,9 @@ int __init dom0_setup_permissions(struct
/* INIT# and alternative A20M# control. */
rc |= ioports_deny_access(d, 0x92, 0x92);
+ /* IGNNE# control. */
+ rc |= ioports_deny_access(d, 0xF0, 0xF0);
+
/* ACPI PM Timer. */
if ( pmtmr_ioport )
rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3);
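Review bot: the added ioports_deny_access(d, 0xF0, 0xF0) in dom0_setup_permissions() is unconditional, while the RFC remark under the sign-off says the denial really should depend on the IGNNE# functionality being enabled. Since that remark describes the AMD case as uniformly HWCR[8], consider gating the denial on that bit for AMD and keeping the unconditional denial as the conservative fallback for Intel, where the control is chipset-specific. The comment "IGNNE# control." would also benefit from stating why access is denied (no handling in the hypervisor yet) and that port F1 and possibly the further ones up to FF are deliberately left accessible because they apply to external coprocessors only, so a later reader does not take the single-port range for an oversight.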