From patchwork Mon Jul 24 15:37:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 13324915 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3DEBDC0015E for ; Mon, 24 Jul 2023 15:38:50 +0000 (UTC) Received: from list by lists.xenproject.org with outflank-mailman.569027.889332 (Exim 4.92) (envelope-from ) id 1qNxdd-0003Ak-Nu; Mon, 24 Jul 2023 15:38:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 569027.889332; Mon, 24 Jul 2023 15:38:21 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qNxdd-0003Ad-LB; Mon, 24 Jul 2023 15:38:21 +0000 Received: by outflank-mailman (input) for mailman id 569027; Mon, 24 Jul 2023 15:38:20 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1qNxdb-0003AW-SN for xen-devel@lists.xenproject.org; Mon, 24 Jul 2023 15:38:20 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 10fdc474-2a38-11ee-8612-37d641c3527e; Mon, 24 Jul 2023 17:38:00 +0200 (CEST) Received: from mail-dm6nam11lp2170.outbound.protection.outlook.com (HELO NAM11-DM6-obe.outbound.protection.outlook.com) ([104.47.57.170]) by ob1.hc3370-68.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 24 Jul 2023 11:37:54 -0400 Received: from SJ0PR03MB6423.namprd03.prod.outlook.com (2603:10b6:a03:38d::21) by MN2PR03MB5101.namprd03.prod.outlook.com (2603:10b6:208:1b0::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6609.32; Mon, 24 Jul 2023 15:37:52 +0000 Received: from SJ0PR03MB6423.namprd03.prod.outlook.com ([fe80::2e0e:5665:96a7:5767]) by SJ0PR03MB6423.namprd03.prod.outlook.com ([fe80::2e0e:5665:96a7:5767%3]) with mapi id 15.20.6609.031; Mon, 24 Jul 2023 15:37:52 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 10fdc474-2a38-11ee-8612-37d641c3527e DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1690213094; h=from:to:cc:subject:date:message-id: content-transfer-encoding:mime-version; bh=IYK+bOifPjEvm/34iNsybaMiYRDTv416x4CCd1LbYpE=; b=R0ri9T6qhouYHf1hf8gIRPn/d4GQsj9NMPpJ4rnvsF8baPwHCcP3D8ZV sUKJ6YbGUdL32G2hG9V8FUcO5MODwP3V1wx+65b7N68OwcZ8nKwwNenuR 9O91jD8JyKO89+AJjfCMIx25902/UBDu7dl1yQJyNX4BYgYbZLjMC5WQm k=; X-IronPort-RemoteIP: 104.47.57.170 X-IronPort-MID: 117679537 X-IronPort-Reputation: None X-IronPort-Listener: OutboundMail X-IronPort-SenderGroup: RELAY_O365 X-IronPort-MailFlowPolicy: $RELAYED IronPort-Data: A9a23:czyk8KsgB0VwVE3fQKwZrugVt+fnVJJfMUV32f8akzHdYApBsoF/q tZmKT2HO6nfZGr2Kt51Pt60oxgD756EydcwGwplqy1gQytB+JbJXdiXEBz9bniYRiHhoOCLz O1FM4Wdc5pkJpP4jk3wWlQ0hSAkjclkfpKlVKiffHg3HVQ+IMsYoUoLs/YjhYJ1isSODQqIu Nfjy+XSI1bg0DNvWo4uw/vrRChH4rKq4Vv0gnRkPaoQ5ACEzCFOZH4iDfrZw0XQE9E88tGSH 44v/JnhlkvF8hEkDM+Sk7qTWiXmlZaLYGBiIlIPM0STqkAqSh4ai87XB9JFAatjsB2bnsgZ9 Tl4ncfYpTHFnEH7sL91vxFwS0mSNEDdkVPNCSDXXce7lyUqf5ZwqhnH4Y5f0YAwo45K7W9yG fMwJwwgPjPZrt+Mnqu0FPh1nt4mLYq7BdZK0p1g5Wmx4fcOZ7nmGvyPyfoGmTA6i4ZJAOrUY NcfZXx3dhPcbhZTO1ARTpUjgOOvgXq5eDpdwL6XjfNvvy6Pk0osj/60b4K9lt+iHK25mm6Co W3L5SLhCwwyP92D0zuVtHmrg4cjmAuiAd1MS+zlraECbFu74XUcMxJOdnSAjd68gBGvdvFRF U4o0397xUQ13AnxJjXnZDWorXjBshMCVt54F+wh9BrL2qfS+xyeBGUPUnhGctNOnM08SCEu1 1SJt8j0HjEpu7qQIVqC8p+EoDX0PjIaRUcOfTQBTBcFy9D7rZsvkwnUSdJ+DK+yiMazEjb1q w1mtwA7jrQXyMIOiaOy+Amehyr2/8eRCAko+g/QQ2SpqBtjY5KobJCp7l6d6utcKIGeTR+Ku 31sd9Wi0d3ixKqlzESlKNjh1pn0jxpZGFUwWWJSIqQ= IronPort-HdrOrdr: A9a23:iEf1RqpId5uLIsj9aOXOCwsaV5tALNV00zEX/kB9WHVpm5Oj+v xGzc5w6farsl0ssREb9uxo9pPwI080kqQFmbX5XI3SJTUO3VHFEGgM1/qH/9SNIU3DH41mpN pdmspFebrN5DFB5K6VgTVQe+xQuuVvm5rY4Ns2oU0dLj2DPMpbnnxE40ugYzpLrE4sP+tJKL Osou584xawc3Ueacq2QlEDQuj4vtXO0L72fBIcABYjyQ+WyRel8qTzHRS01goXF2on+8ZozU H11yjCoomzufCyzRHRk0fV8pRtgdPkjvdTGcCWjcARCzP0ziKlfp5oVbGutC085Muv9FEput /RpApIBbU611rhOkWO5Tf90Qjp1zgjr1fk1F+jmHPm5ej0XigzBcZtjZ9QNkKx0TtogPhMlI Zwm06JvZteCh3N2Az7+tjzThlv0m65u2Arn+I/h2FWFaEedLhSh4oC+149KuZ3IAvKrKQcVM V+BsDV4/hbNXuccnDip2FqhOehW3widy32MHQqi4iw6Xx7jXp5x0wXyIg0hXEb7q8wTJFC+q DtLrlovKsmdL5YUYtNQMM6BeenAG3ERhzBdEiIJ078Ka0BM3XR77bq/bQO4v2wcpBg9up/pH 34aiIYiYcOQTOvNSXXt6c7sSwlAV/NEAgF8/suqaSQ4dbHNfjW2S7qciFcryLvmYRbPiThYY fMBHtnOY6eEYLQI/c34+SHYeg1FZA/arxhhj9pYSP7nuv7bqvXi8f8TNH/YJLQLBdMYBKOPp JEZkm4GPl9 X-Talos-CUID: 9a23:IZTYQmg/Ku3fhXFKpayWVETQQzJufUHwnFSKCnKCV39mFqyMUUWV+eA0qp87 X-Talos-MUID: 9a23:zi/36AjtEHTjUnSVClfP3MMpE95n2Kv2K282vbIDsZaVGA9+BTWhpWHi X-IronPort-AV: E=Sophos;i="6.01,228,1684814400"; d="scan'208";a="117679537" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FZVss69ow/aL+z5clJzrIieha+cLJPQMBqVa44hrhstV1GAfiKBR9PuzchxmU3YX/ms6YgwQ+UgIvmZyvJV4bLO4c4CTxuASeAUA/ot7/9z+h4XAZO+PUeREfjkXP1b7OcYS1iJ6WuoNMSJUvsVB82iaLR2C1PxFDcCCjAIvEpCQr5gvN0xbTunKnHdte67RLiOFqwSmak9qkrUeAaF6H1VzMrwYJTy1A61aepMJYyYktcu2artlB64l4WC/aTUJBNdk8dTi/j8VoWbZeaV+wGkXc2Ewj16j1NsN14Dnmyg261meakJWzdQy1dWgQSSM6obvzWV7CczjV3EHqTUUig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dG3oPCszXfwQasS/uN0MSJM+luIJvXbEbNU+alUDoOY=; b=RCTPAF8/OE7JkwGJ7BJWY9AfZw6w5HyzHQQ7y5GHb387EzyBGk/RLWfxIXikizO+ElBX89Ci3lnhoW6ojWx1jAW/sljzmbVETIbTt6vf8jzrmOcPX1c0uup+cyQ9PlQz7wq3s4kM+90dcx5rBBH3SW8HrwP1NmGEcVwh6iNKR4VboRjtJGQj2q8DDOJOcPPExC/23khIo6LzCHgXyi6/oVAwjPxCtji09Ks8XPecy2Cuu2TwRJxrlp2tNO+SzVnOhRO34r8NlhFw3OXS+f84uylKVSQZkTJcVTMKRllpLEwVjSajUTzmMnvpHlUTDN+Kk4a5AT/hEbO9RKhJzLFgVQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=citrix.onmicrosoft.com; s=selector2-citrix-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dG3oPCszXfwQasS/uN0MSJM+luIJvXbEbNU+alUDoOY=; b=VweBWWY4Au+RmN1S5ZGW9xU9/yCW10u3OVREq8p0y5TCKu6xQMnFJ+LSq7sczwSbqs2jx0JCVzZhp6SeTw5lUuvhFICspgWGGGocDQXt+opF8hW6eyhP/UNYUbFtHOScOdSnek2I+RV1ma3kAsUaamHOKU3ZVcviRrmxmr0FPOA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com; From: Roger Pau Monne To: xen-devel@lists.xenproject.org Cc: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu , "Daniel P. Smith" Subject: [PATCH] vpci: add permission checks to map_range() Date: Mon, 24 Jul 2023 17:37:41 +0200 Message-ID: <20230724153741.42374-1-roger.pau@citrix.com> X-Mailer: git-send-email 2.41.0 X-ClientProxiedBy: LO6P123CA0007.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:338::9) To SJ0PR03MB6423.namprd03.prod.outlook.com (2603:10b6:a03:38d::21) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR03MB6423:EE_|MN2PR03MB5101:EE_ X-MS-Office365-Filtering-Correlation-Id: a991604c-aa42-4255-477d-08db8c5bf140 X-LD-Processed: 335836de-42ef-43a2-b145-348c2ee9ca5b,ExtAddr,ExtFwd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: GVXWvrfrppU1+TWvprvAQM5Thz9spqlUsQL2AdlQY++VkNoEIUoLfCmTdS30WpYFhTyHyxI0bklWn//HgdN2AE9ARAe652v1ZQlmeiVzuNVqhwLg58B3saRYIPRJ7TbDftPbKrLj1qKd+6gVASm1YTvg215RUgxzI9bnPpUONt0ADhqMDxHSQU25rWHZtC3GVe3kpWOBQNcFMKHh08mO6/2wWtdLG+AT8Z3ON/xHXyVVE6tlR9Dxx/qgWa1IRW8jOz4EnhTP8058uKFLTu9TdHTLOS1h0ElK4YH7dX/k6AYP/DGplS6bLDSJXUIRexv7yEUj9BJ4XvDBXD1QOY1pBtfTaE46MC8EmVYs1NoVK34SiS5jOMiQ8QsJ1GOf4KIbRbDvU0AjLePf0NqXuXbAFTZm803rfpIDQW+XfHxPHZDPTfeJ8jEqsMEjpYRG2xWJtIZpyqSJgzYXtdBamAIgFN3BcTtJCdUTEDDQoKKnwTJhzPN3OCY1cMnkmCzQUEJW1knPmre0w5lx/RzcJR3tregpNzhV1RN3NZPxDFAqKGo= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR03MB6423.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(366004)(136003)(396003)(346002)(376002)(39860400002)(451199021)(1076003)(26005)(186003)(6506007)(5660300002)(36756003)(8936002)(8676002)(2906002)(2616005)(82960400001)(86362001)(38100700002)(83380400001)(6916009)(66946007)(66556008)(66476007)(4326008)(316002)(54906003)(6486002)(6512007)(6666004)(478600001)(41300700001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?5D0cQEGae7TBqqZ9+GTjZzkysI0n?= =?utf-8?q?arpJ51n9JpOcSeRjD2us7rcQVOwrg/X3w77xXpantuCp6XPsh82/1F2Ui0IVkQE54?= =?utf-8?q?ixw9eW+xiDOHb6ofBs7L6I806pvu7FJim2Ns1xyU6FUFXMMZHVAzaWiFMJ9MHfout?= =?utf-8?q?8ZLaoBe/Aa6Z9KWLHNVUxcZZN+llQLjJVK0U7dVUp0vnrLdXG6f8ODB5JHEtBCeie?= =?utf-8?q?gQnfshO38eyCQ0xi7R1R/mKDdJLuHI7nAyGrvDJ4uaEp705M7uIYw454FClJxJdgY?= =?utf-8?q?VyWVd1Px+hF1RWtgNHFwpkAgiUYEm/Wj+JBhVVaYLRE7P2nt2QJ6YG3rrlJd06pEF?= =?utf-8?q?TezBsDQW4kwKXwcf6n4OE+o32lwFOxWbVpJnqdrR9/pdRqp5HCRQqNBsNT5lzdo8G?= =?utf-8?q?w+Ri5fdKvozzUht7k2dMj2MMMcl/llY6ihJ72BEEBRL/T+2prt9p3xA81rCEqnpvW?= =?utf-8?q?lA3eLGjWJb+2uMjxFl8XsFQhBXrH1dueXNzCGcXFYpO9ncc1FXKY9nRgifQ9wjuth?= =?utf-8?q?tMdwgVFE3erdQ+pAaQ4ghbKjFG5XfQtRu6bb2Tp2IIGGe8wtvsIlt+nY4fhIdJKzV?= =?utf-8?q?JQ+CvBttWV1jH9tBBD8CDtbnbLT+6DXDSqAGsHHhq3+55XdqgqC8ob4E6wingbzkh?= =?utf-8?q?tJuVwW+atyAiZ+RdNIVSbtQLopU0484Xm/ticiaW4kicgQT/0QAJkyKVVkoJC8cs8?= =?utf-8?q?xLe/KnGTVgVrd+9pd2ObGWowhTzV3M6Aq03ozmrvqtmuu41J3HVIYx3CJiDFrNlfm?= =?utf-8?q?hvKx1MMxQCs8D5Zz/xPbvAlM5HnkHCSGtLTVW9Dh4s5g1S2slj2z+IMcRLi3/YLkR?= =?utf-8?q?LydP/9+wWVXUtqEESDNEUS/goJNpI6UnoSLJPcFfKEQXQ9lzui+OWNQiByV5dTxFP?= =?utf-8?q?yqc7CME7Ag6rLpALEjEWyfPGyqi9hCrBvdvznGJNxsPKEzN1Tx2FJ8O81PpzQU52i?= =?utf-8?q?nDlebaT7PnuCgVsKoSLN9Pbc4Wzkopn02MPOjQg4lIx7gtr3d+KBnuleD03ECJH1r?= =?utf-8?q?n+FuqXU7PIzMzAQVSuc+no77jMjW3opodCOdtCHAmxDncEtdomHBnhTc+F0Mwkoyq?= =?utf-8?q?DFqUrl5oiJ4Vp8vw62iIutDS2zx61aRnUkLWfTH/JxR7qBGeg1ZdqOotckdj3L9kG?= =?utf-8?q?4zHm5Hq4NWNKvgRZYmSs4WH21LeU+dblizU4NEDnUN4QluJqObJFzIuPuXffCof4Y?= =?utf-8?q?SPGJQaCOt6Dyy0R42LYBQTtqmcrbroueMW6NzE58bt0v3hRHNEFhqh8N2kfvBS4NU?= =?utf-8?q?IDrH/k/PwKuZIovqkb7jyS6Cybc/ZaNUBLItYG4oc8IQviiQJud88gI9v6KEtpd8t?= =?utf-8?q?vuTMOlzsfU2Q7nUVND6Tvp6dnhSuaaKAcFrJPSHaLmfauQToJTDm3Xb/yeucWyuR7?= =?utf-8?q?FiAGNrP8IOiMTxlcBrCPXG7zpjlu+lo0gV3nvg36DJpkfQSqBjKWTAaukR35WiYke?= =?utf-8?q?WfbuYK7INzH41BN9YUPBhI75KCA5Izy2YLtcW+37zETw6BSQI1lfvJyz7AVnVh1Yy?= =?utf-8?q?t8iP+HiPiAOYJy8WqsgVXRzXPyGsMuOxAQ=3D=3D?= X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: hbMe5nSKGY4mxIo7/FU2Gn68OPq0y3U9P19Yv/XcGtXHsiqGQX9IKTSSNOpx/8JuTUNf1c1JKhj2fihRGvtddkz4BLCxfmHMeqsSf8+dox/B7uhRAa8am17two+k4dOdhUT35kM6ULqLBj/X+hPkQCru6m24BvlR+xWhxOuFFc+HbZ8RSqWeAG8UAw+WKK2VQm4uEiAcIbGbiWEgpWaBy8g1wqnzfQOOOAmXS5DkSBlzzC5iLWD1BZJv2ZLr7eQ5otwyLym251YT7iwHXNJJOwkIcaynxAKRDfzi+5Fg4vwgek8R+5KuDUOkTnqm4Z8DmMM5t31Yirt1rFdpIkoJvPOaAvXhFqI+V+jsJyIkhJkqCvNNuvSqjO8CV1CJffyTTAlJJ1o+zTQyomKf6vjmbmjPe3+MH/eVwdDziZcNy+lUXyz4OTEUzU1mq0oOWhyEoTEDVWOshzevZNsDBBfkex2I71eX6c6knwF4wXcIVdQPX/T+9PArc4VXaKjHya8y3xeQw7meEArVsB2Yzq2MPRUssAyaw3pt4AnkXiMmmVsXTel3+j3R8Ut+t0gmPRxol9mDlnt8SiuXj36AZJRST7t+TLorE5COYeJ/XsNZrOsugdKHUfgIgORp6Pd3qO4GfKp3oi2pfKWhyBIWYXi80gxbMZpArg12XZCcD7IDdm983UUe+Ro8sf0oPJoMuHZlwW4aDvNv6e5XsTqP30oXWA8eEoNf+M/GuEdlrhe+2qpQYS1A+kGcN5JnSIqOTNxJb0IPXYEO8bUAe+KDhcplh2lVyN45/LDbICoHBhcFwNW2c8V5/r0kwoM3iwCUHqf0nf9oWZlw8fxAZjml4eSoX7JQpLFGS/7Qxw9pA2FxgRxTAqe3GBhodQfyTAgK4t0x X-OriginatorOrg: citrix.com X-MS-Exchange-CrossTenant-Network-Message-Id: a991604c-aa42-4255-477d-08db8c5bf140 X-MS-Exchange-CrossTenant-AuthSource: SJ0PR03MB6423.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jul 2023 15:37:52.3388 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 335836de-42ef-43a2-b145-348c2ee9ca5b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: o5dQ8uvXL2AnALN/hXQZp5+/qEHpQgYi1uJ9nh1NDyTyrxLOodtA+Vtd7YtwhpklTQGNWJQteNK81xhjt+lLhg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR03MB5101 Just like it's done for the XEN_DOMCTL_memory_mapping hypercall, add the permissions checks to vPCI map_range(), which is used to map the BARs into the domain p2m. Adding those checks requires that for x86 PVH hardware domain builder the permissions are set before initializing the IOMMU, or else attempts to initialize vPCI done as part of IOMMU device setup will fail due to missing permissions to create the BAR mappings. Fixes: 9c244fdef7e7 ('vpci: add header handlers') Signed-off-by: Roger Pau Monné --- I'm unsure whether on ARM MMIO permissions are properly set for the hardware domain, but I don't have a system to test with. --- xen/arch/x86/hvm/dom0_build.c | 21 ++++++++++++++------- xen/drivers/vpci/header.c | 18 ++++++++++++++++++ 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c index fd2cbf68bc62..c0ca57e05e98 100644 --- a/xen/arch/x86/hvm/dom0_build.c +++ b/xen/arch/x86/hvm/dom0_build.c @@ -715,13 +715,6 @@ static int __init pvh_setup_cpus(struct domain *d, paddr_t entry, return rc; } - rc = dom0_setup_permissions(d); - if ( rc ) - { - panic("Unable to setup Dom0 permissions: %d\n", rc); - return rc; - } - update_domain_wallclock_time(d); v->is_initialised = 1; @@ -1184,6 +1177,20 @@ int __init dom0_construct_pvh(struct domain *d, const module_t *image, printk(XENLOG_INFO "*** Building a PVH Dom%d ***\n", d->domain_id); + if ( is_hardware_domain(d) ) + { + /* + * Setup permissions early so that calls to add MMIO regions to the + * p2m as part of vPCI setup don't fail due to permission checks. + */ + rc = dom0_setup_permissions(d); + if ( rc ) + { + printk("%pd unable to setup permissions: %d\n", d, rc); + return rc; + } + } + /* * NB: MMCFG initialization needs to be performed before iommu * initialization so the iommu code can fetch the MMCFG regions used by the diff --git a/xen/drivers/vpci/header.c b/xen/drivers/vpci/header.c index b41556d00746..12ae37deac83 100644 --- a/xen/drivers/vpci/header.c +++ b/xen/drivers/vpci/header.c @@ -17,10 +17,13 @@ * License along with this program; If not, see . */ +#include #include #include #include +#include + #include #include @@ -43,6 +46,21 @@ static int cf_check map_range( { unsigned long size = e - s + 1; + if ( !iomem_access_permitted(map->d, s, e) ) + { + gprintk(XENLOG_WARNING, + "%pd denied access to MMIO range [%#lx, %#lx]\n", s, e); + return -EPERM; + } + + rc = xsm_iomem_mapping(XSM_HOOK, map->d, s, e, map->map); + if ( rc ) + { + gprintk(XENLOG_WARNING, + "%pd XSM denied access to MMIO range [%#lx, %#lx]\n", s, e); + return rc; + } + /* * ARM TODOs: * - On ARM whether the memory is prefetchable or not should be passed