Re: [PATCH 2/7] x86: don't allow Dom0 access to port 92
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Wed, 25 Oct 2023 14:49:44 +0200
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Wed, 25 Oct 2023 12:50:06 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, May 11, 2023 at 02:05:45PM +0200, Jan Beulich wrote:
> Somewhat like port CF9 this may have a bit controlling the CPU's INIT#
> signal, and it also may have a bit involved in the driving of A20M#.
> Neither of these - just like CF9 - we want to allow Dom0 to drive.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
I'm kind of concerned that such ports might be used for other stuff
not described in the specifications I'm looking at, I guess we will
find out.
>
> --- a/xen/arch/x86/dom0_build.c
> +++ b/xen/arch/x86/dom0_build.c
> @@ -500,6 +500,10 @@ int __init dom0_setup_permissions(struct
> rc |= ioports_deny_access(d, 0x40, 0x43);
> /* PIT Channel 2 / PC Speaker Control. */
> rc |= ioports_deny_access(d, 0x61, 0x61);
> +
> + /* INIT# and alternative A20M# control. */
> + rc |= ioports_deny_access(d, 0x92, 0x92);
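Review bot: The comment on the added `ioports_deny_access(d, 0x92, 0x92)` line names only INIT# and A20M#, but the call denies the whole port rather than the individual bits, so anything else a chipset places at 0x92 also becomes inaccessible to Dom0. Consider stating that in the comment, for example "Port 92: INIT# and alternative A20M# control, denied as a whole", and naming the port the way the neighbouring "PIT Channel 2 / PC Speaker Control" entry names its device, so the reason for the entry is clear without the commit message.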
I do wonder whether it would make sense to create an array of [start,
end] IO ports to deny access to, so that we could loop over them and
code a single call to ioports_deny_access(). Maybe that's over
engineering it.
Thanks, Roger.