From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH 1/3] x86: don't allow Dom0 access to the MSI
 address range
Date: Wed, 21 Aug 2013 10:29:31 -0400
Message-ID: <20130821142931.GG2593@phenom.dumpdata.com>
References: <5214784202000078000ED378@nat28.tlf.novell.com>
	<52147C2A02000078000ED38B@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <konrad.wilk@oracle.com>) id 1VC9Po-0005zF-Vn
	for xen-devel@lists.xenproject.org; Wed, 21 Aug 2013 14:29:41 +0000
Content-Disposition: inline
In-Reply-To: <52147C2A02000078000ED38B@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>, Keir Fraser <keir@xen.org>, xiantao.zhang@intel.com
List-Id: xen-devel@lists.xenproject.org

On Wed, Aug 21, 2013 at 07:36:58AM +0100, Jan Beulich wrote:
> In particular, MMIO assignments should not be done using this area.

And just to make sure there are no regressions - have you tested
this with an upstream dom0 kernel to make sure it does not blow things up?

Or at least if it does blow up - are there any WARN or BUG to help
in coming up with a patch?
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> --- a/xen/arch/x86/domain_build.c
> +++ b/xen/arch/x86/domain_build.c
> @@ -1122,6 +1122,10 @@ int __init construct_dom0(
>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) )
>              rc |= iomem_deny_access(dom0, mfn, mfn);
>      }
> +    /* MSI range. */
> +    rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO),
> +                            paddr_to_pfn(MSI_ADDR_BASE_LO +
> +                                         MSI_ADDR_DEST_ID_MASK));
>  
>      /* Remove access to E820_UNUSABLE I/O regions above 1MB. */
>      for ( i = 0; i < e820.nr_map; i++ )
> 
> 
> 

> x86: don't allow Dom0 access to the MSI address range
> 
> In particular, MMIO assignments should not be done using this area.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> --- a/xen/arch/x86/domain_build.c
> +++ b/xen/arch/x86/domain_build.c
> @@ -1122,6 +1122,10 @@ int __init construct_dom0(
>          if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) )
>              rc |= iomem_deny_access(dom0, mfn, mfn);
>      }
> +    /* MSI range. */
> +    rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO),
> +                            paddr_to_pfn(MSI_ADDR_BASE_LO +
> +                                         MSI_ADDR_DEST_ID_MASK));
>  
>      /* Remove access to E820_UNUSABLE I/O regions above 1MB. */
>      for ( i = 0; i < e820.nr_map; i++ )

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel