From patchwork Thu May 11 12:05:11 2023
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13237830
Message-ID: <74c9e6a8-9094-4646-d06f-cfe0a427bb37@suse.com>
Date: Thu, 11 May 2023 14:05:11 +0200
Subject: [PATCH 1/7] x86: don't allow Dom0 access to port CF9
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com>
In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com>

X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 This allows to initiate machine reset, which we don't want to permit Dom0 to invoke that way. While there insert blank lines and convert the sibling PCI config space port numbers to upper case, matching style earlier in the function. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -503,8 +503,13 @@ int __init dom0_setup_permissions(struct /* ACPI PM Timer. */ if ( pmtmr_ioport ) rc |= ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); - /* PCI configuration space (NB. 0xcf8 has special treatment). */ - rc |= ioports_deny_access(d, 0xcfc, 0xcff); + + /* Reset control. */ + rc |= ioports_deny_access(d, 0xCF9, 0xCF9); + + /* PCI configuration space (NB. 0xCF8 has special treatment). */ + rc |= ioports_deny_access(d, 0xCFC, 0xCFF); + #ifdef CONFIG_HVM if ( is_hvm_domain(d) ) {
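
Review bot: The new "Reset control" deny in dom0_setup_permissions() covers only the single byte 0xCF9, and the comment directly below it says 0xCF8 "has special treatment", so the visible lines do not show whether a 2- or 4-byte access that starts at 0xCF8 and therefore spans 0xCF9 is also refused. Please state in the commit message, or in the comment above `rc |= ioports_deny_access(d, 0xCF9, 0xCF9);`, where that wider access is handled, so a reader can confirm the reset register is unreachable from Dom0 by every access width and not only by a byte access to 0xCF9 itself. Separately, the blank-line and upper-case changes to the 0xCFC-0xCFF lines are cosmetic and sit in the same hunk as the functional change; the description does mention them, but keeping the deny of 0xCF9 as the only functional line makes the security-relevant part easier to backport and audit.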