From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Jan Beulich <JBeulich@suse.com>
Cc: Keir Fraser <keir@xen.org>, xen-devel <xen-devel@lists.xen.org>
Subject: Re: c/s 24425:053a44894279 (xsm: add checks on PCI configuration access)
Date: Thu, 21 Jun 2012 10:19:02 -0400 [thread overview]
Message-ID: <4FE32D56.6000809@tycho.nsa.gov> (raw)
In-Reply-To: <4FE33BD2020000780008B1B9@nat28.tlf.novell.com>
On 06/21/2012 09:20 AM, Jan Beulich wrote:
> The mmconfig part of this is seriously broken: These operations,
> even when carried out by Dom0, are MMIO accesses, and hence
> are invisible to the hypervisor without extra handling. Putting
> the checks into pci_mmcfg_{read,write}() has the effect of
> potentially denying the _hypervisor_ access. So I think at least
> that part needs to be reverted.
I agree - the XSM checks are intended to be done only when the hypervisor
is accessing on behalf of the domain, which looks to be covered by the
traps part of the patch. These checks are currently intended to deny a
domain with IS_PRIV but without full hardware access - in particular,
without access to the PCI configuration MMIO area - from using legacy
register access to reconfigure PCI devices.
While it may be useful to extend this access check to include the PCI
configuration MMIO pages, this would require emulating both reads and
writes to any page that has entries that a particular domain does not
have access to. The existing pciback/pcifront configuration access model
already handles these issues without changes to the hypervisor.
> Even the I/O port base logic isn't fully correct - AMD's extension
> to access extended config space isn't being taken care of (i.e.
> wrong register values might get passed to the xsm callback).
Looks like a trivial one-line fix, I'll send a patch momentarily. I wasn't
aware of that extension when I was writing the cf8 decoding.
next prev parent reply other threads:[~2012-06-21 14:19 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-21 13:20 c/s 24425:053a44894279 (xsm: add checks on PCI configuration access) Jan Beulich
2012-06-21 14:19 ` Daniel De Graaf [this message]
2012-06-21 14:20 ` [PATCH] x86/PCI: pass correct register value to XSM Daniel De Graaf
2012-06-21 15:05 ` Jan Beulich
2012-06-21 17:01 ` Daniel De Graaf
2012-06-22 8:03 ` Jan Beulich
2012-06-22 8:33 ` Jan Beulich
2012-06-22 8:53 ` Keir Fraser
2012-06-21 15:13 ` c/s 24425:053a44894279 (xsm: add checks on PCI configuration access) Jan Beulich
2012-06-21 15:14 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FE32D56.6000809@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=JBeulich@suse.com \
--cc=keir@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.