[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v8 03/13] vpci: restrict unhandled read/write operations for guests

  • To: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Thu, 20 Jul 2023 13:32:01 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=c653+j0zoweL4IRJptdfesKu5HCIHmQiVtweC4/qRXU=; b=aB7KUcvtrTNB2CMKDxbXPhJH57e7/Nlb8Y2v5zfyj6wuQ2RmX9SOrhwP60qgGVUzbVIrYrMasFQNhWHnNiwuo9A+EFo78RN6ytSxw0opmbJHIwogHaMNeGYibr0z1Noecz5vsvOCkouRHbp/3pnSyq5O0hehkvcgqq/TDK8RjVcR9IHYNJgVePiTLHsRZf1HRTTDRSVx/XTa4Lxj8iywQlGfpBCFVrT6hpi7zyRyZAOvGnSW70n33y/Gk73tolB1pmGSfUs6/IM6Yzhy+PI/lE/x+SubjdtKq731gwrJQx82vx3cSmfI37WJTOmzniYfHd3vtGbefdfySDpp60Wlew==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KfWF3ELt+U8XYZ760YiU2MfQ+fW9xAc3BMgas1RFXXI6wiY6heupJ/oz9oHkbklIB4JFbzVCgvtip+KBGnEwKScouaSrn69ip3jBvOvnBkY4PVA1PQcWJjLTz8qpuYOqkpLd8z+i0DailaLRFn0+pJHUyzr/BO83ILvij2BlHCip9j3FkbkQfiI9yi4I9SZHoozFJnbCSaUcBo+vC0aaURvaIo8WjFyd7G/oZ1bT2dZUqPN4wHHrXI1fJ86SlV02LAThBynzMFDr6/U9lqE82Dc82A9cXJQ6CuK//dMoi+414zzMrjbMeaXR35f5R8VxBjJjW2EJY2P72N7+225B9A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>
  • Delivery-date: Thu, 20 Jul 2023 11:32:38 +0000
  • Ironport-data: A9a23:Tcerla9m2UkRQ8nigBW4DrUDR3+TJUtcMsCJ2f8bNWPcYEJGY0x3y TAZXDuOO/jfM2vzfdEkYYy+9U8CuseBxodiQVRt/Cw8E34SpcT7XtnIdU2Y0wF+jCHgZBk+s 5hBMImowOQcFCK0SsKFa+C5xZVE/fjUAOG6UKicYXoZqTZMEE8JkQhkl/MynrlmiN24BxLlk d7pqojUNUTNNwRcawr40Ird7ks21BjOkGlA5AdmOqoT5Aa2e0Q9V/rzG4ngdxMUfaEMdgKKb 76r5K20+Grf4yAsBruN+losWhRXKlJ6FVHmZkt+A8BOsDAbzsAB+v9T2M4nQVVWk120c+VZk 72hg3ASpTABZcUgkMxFO/VR/roX0aduoNcrKlDn2SCfItGvn9IBDJyCAWlvVbD09NqbDklfq u0gbzc8SCuPis3rmJK2aPRUh/sKeZyD0IM34hmMzBn/JNN/GNXvZvuP4tVVmjAtmspJAPDSI dIDbiZiZwjBZBsJPUoLDJU5n6GjgXyXnz9w8QrJ4/ZopTWMilUujNABM/KMEjCObd9SkUuC4 HrP4kzyAw0ANczZwj2Amp6prraWwnmrB9lIRdVU8NZ4qVLOx1UxDiY5UHCR+vq+knKnBtNAf hl8Fi0G6PJaGFaQZuf6Wxq0sXuVpCk2UtBbE/A5wAyVw6+S6AGcbkAUQzgEZNE4ucseQT0xy kTPj97vHSZosrCeVTSa7Lj8hRS2NCsOJGkOfxgtSwcf/sLjq4E+iBHIZtt7GavzhdrwcQwc2 BiPpSk6wrkW08gC0vzi+Uid2m3w4J/UUgQy+wPbGHq/6R90b5KkYIru7kXH6fFHL8CSSVzpU GU4pvVyJdsmVfml/BFhis1XdF11z55p6AHhvGM=
  • Ironport-hdrordr: A9a23:P25i3qhfsbxq4GvEq9x68IetJnBQXtQji2hC6mlwRA09TyX4ra yTdZEgviMc5wx/ZJhNo7690cu7IU80hKQV3WB5B97LNmTbUQCTXeJfBOXZsljdMhy72ulB1b pxN4hSYeeAaWSSVPyKgjWFLw==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Jul 20, 2023 at 12:32:31AM +0000, Volodymyr Babchuk wrote:
> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>
> 
> A guest would be able to read and write those registers which are not
> emulated and have no respective vPCI handlers, so it will be possible
> for it to access the hardware directly.
> In order to prevent a guest from reads and writes from/to the unhandled
                                                            ^ extra 'the'
> registers make sure only hardware domain can access the hardware directly
> and restrict guests from doing so.
> 
> Suggested-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx>

Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

With the stray change below removed.

> 
> ---
> Since v6:
> - do not use is_hwdom parameter for vpci_{read|write}_hw and use
>   current->domain internally
> - update commit message
> New in v6
> ---
>  xen/drivers/vpci/vpci.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
> index f22cbf2112..a6d2cf8660 100644
> --- a/xen/drivers/vpci/vpci.c
> +++ b/xen/drivers/vpci/vpci.c
> @@ -233,6 +233,10 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned 
> int reg,
>  {
>      uint32_t data;
>  
> +    /* Guest domains are not allowed to read real hardware. */
> +    if ( !is_hardware_domain(current->domain) )
> +        return ~(uint32_t)0;
> +
>      switch ( size )
>      {
>      case 4:
> @@ -273,9 +277,13 @@ static uint32_t vpci_read_hw(pci_sbdf_t sbdf, unsigned 
> int reg,
>      return data;
>  }
>  
> -static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg, unsigned int 
> size,
> -                          uint32_t data)
> +static void vpci_write_hw(pci_sbdf_t sbdf, unsigned int reg,
> +                          unsigned int size, uint32_t data)

Unrelated change?

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.