From: Jan Beulich
Date: Thu, 11 May 2023 14:06:25 +0200
Subject: [PATCH 3/7] x86/PVH: deny Dom0 access to the ISA DMA controller
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné
In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com>
X-Patchwork-Id: 13237832

Unlike PV, a PVH Dom0 has no sensible way of driving the address and page registers correctly, as it would need to translate guest physical addresses to host ones. Rather than allowing data corruption to occur from e.g. the use of a legacy floppy drive, disallow access altogether.

Signed-off-by: Jan Beulich
Acked-by: Roger Pau Monné
---
The possible aliases of the page registers (90-9F, except 92) aren't covered. Unlike the possible alias range 10-1F, which I think is okay to include here blindly, I guess we'd better probe for aliasing of these if we wanted to deny access there as well. This is first and foremost because of the range having had wider use on PS/2, and who knows what's been re-used in that range beyond port 92.

--- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -517,6 +517,13 @@ int __init dom0_setup_permissions(struct #ifdef CONFIG_HVM if ( is_hvm_domain(d) ) { + /* ISA DMA controller, channels 0-3 (incl possible aliases). */ + rc |= ioports_deny_access(d, 0x00, 0x1F); + /* ISA DMA controller, page registers (incl various reserved ones). */ + rc |= ioports_deny_access(d, 0x80 + !!hvm_port80_allowed, 0x8F); + /* ISA DMA controller, channels 4-7 (incl usual aliases). */ + rc |= ioports_deny_access(d, 0xC0, 0xDF); + /* HVM debug console IO port. */ rc |= ioports_deny_access(d, XEN_HVM_DEBUGCONS_IOPORT, XEN_HVM_DEBUGCONS_IOPORT);
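
Review bot: the page-register deny call starts at `0x80 + !!hvm_port80_allowed`, so port 0x80 stays accessible to Dom0 whenever hvm_port80_allowed is set, yet the comment above it ("page registers (incl various reserved ones)") reads as if the whole 0x80-0x8F range were always denied. Please extend that comment to say that 0x80 is exempt when hvm_port80_allowed is set and why. The same goes for the page-register aliases at 0x90-0x9F (except 0x92): that they are deliberately left accessible is only explained below the `---` marker, which will not reach the tree, so a short in-code remark next to the three new ioports_deny_access() calls would keep the known gap visible to whoever audits the Dom0 port permissions later.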