diff mbox series

[1/7] x86: don't allow Dom0 access to port CF9

Message ID 74c9e6a8-9094-4646-d06f-cfe0a427bb37@suse.com (mailing list archive)
State New, archived
Headers show
Series x86: Dom0 I/O port access permissions | expand

Commit Message

Jan Beulich May 11, 2023, 12:05 p.m. UTC 
This allows to initiate machine reset, which we don't want to permit
Dom0 to invoke that way.

While there insert blank lines and convert the sibling PCI config space
port numbers to upper case, matching style earlier in the function.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

Comments

Roger Pau Monné Oct. 25, 2023, 12:36 p.m. UTC | #1 
On Thu, May 11, 2023 at 02:05:11PM +0200, Jan Beulich wrote:
> This allows to initiate machine reset, which we don't want to permit
> Dom0 to invoke that way.
> 
> While there insert blank lines and convert the sibling PCI config space
> port numbers to upper case, matching style earlier in the function.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Should we also do something about port 0x64?

Thanks, Roger.
Jan Beulich Oct. 25, 2023, 1:59 p.m. UTC | #2 
On 25.10.2023 14:36, Roger Pau Monné wrote:
> On Thu, May 11, 2023 at 02:05:11PM +0200, Jan Beulich wrote:
>> This allows to initiate machine reset, which we don't want to permit
>> Dom0 to invoke that way.
>>
>> While there insert blank lines and convert the sibling PCI config space
>> port numbers to upper case, matching style earlier in the function.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> Acked-by: Roger Pau Monné <roger.pau@citrix.com>

Thanks.

> Should we also do something about port 0x64?

That would be more involved, as its reset (and A20) functionality is
only a small subset of what it is used for. IOW we'd have to intercept
accesses and pass through the majority of the operations.

Jan
diff mbox series

Patch

--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -503,8 +503,13 @@  int __init dom0_setup_permissions(struct
     /* ACPI PM Timer. */
     if ( pmtmr_ioport )
         rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3);
-    /* PCI configuration space (NB. 0xcf8 has special treatment). */
-    rc |= ioports_deny_access(d, 0xcfc, 0xcff);
+
+    /* Reset control. */
+    rc |= ioports_deny_access(d, 0xCF9, 0xCF9);
+
+    /* PCI configuration space (NB. 0xCF8 has special treatment). */
+    rc |= ioports_deny_access(d, 0xCFC, 0xCFF);
+
 #ifdef CONFIG_HVM
     if ( is_hvm_domain(d) )
     {