Re: [PATCH v1 for-4.6 1/2] xen/pvh: check permissions when adding MMIO regions

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Roger Pau Monne <roger.pau@citrix.com>, xen-devel@lists.xenproject.org
Cc: Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH v1 for-4.6 1/2] xen/pvh: check permissions when adding MMIO regions
Date: Thu, 18 Dec 2014 19:05:09 +0000	[thread overview]
Message-ID: <54932565.2020801@citrix.com> (raw)
In-Reply-To: <1418927225-60266-2-git-send-email-roger.pau@citrix.com>

On 18/12/14 18:27, Roger Pau Monne wrote:
> Check that MMIO regions added to PVH Dom0 are allowed. Previously a PVH Dom0
> would have access to the full MMIO range.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
>  xen/arch/x86/domain_build.c | 31 +++++++++++++++++++++++++++++++
>  1 file changed, 31 insertions(+)
>
> diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
> index 7a6afea..aa3bf0f 100644
> --- a/xen/arch/x86/domain_build.c
> +++ b/xen/arch/x86/domain_build.c
> @@ -312,16 +312,47 @@ static __init void pvh_add_mem_mapping(struct domain *d, unsigned long gfn,
>                                         unsigned long mfn, unsigned long nr_mfns)
>  {
>      unsigned long i;
> +    xenmem_access_t def_access;
> +    bool_t r_only = false;
>      int rc;
>  
>      for ( i = 0; i < nr_mfns; i++ )
>      {
> +        if ( !iomem_access_permitted(d, mfn + i, mfn + i) )
> +            goto next;
> +
> +        if ( rangeset_contains_singleton(mmio_ro_ranges, mfn + i) && !r_only )
> +        {
> +            rc = p2m_get_mem_access(d, ~0ul, &def_access);
> +            BUG_ON(rc);
> +            /* Set default access to read-only */
> +            rc = p2m_set_mem_access(d, ~0ul, 0, 0, 0, XENMEM_access_r);
> +            BUG_ON(rc);
> +            r_only = true;
> +        }
> +        else if ( r_only )
> +        {
> +            /* Set the default back */
> +            rc = p2m_set_mem_access(d, ~0ul, 0, 0, 0, def_access);
> +            BUG_ON(rc);
> +            r_only = false;
> +        }

Am I missing something obvious, or would all this r_only juggling be far
more easy if set_mmio_p2m_entry() had a ro/rw boolean parameter?

As these entries are done one at a time, it would seem to be far less
error prone to explicitly choose a read-only or read-write mmio mapping,
rather than playing with the entire default.

> +
>          if ( (rc = set_mmio_p2m_entry(d, gfn + i, _mfn(mfn + i))) )
>              panic("pvh_add_mem_mapping: gfn:%lx mfn:%lx i:%ld rc:%d\n",
>                    gfn, mfn, i, rc);
> +
> + next:
>          if ( !(i & 0xfffff) )
>                  process_pending_softirqs();

You could remove the next label by moving this clause to the top and
adding an i != 0 check.

>      }
> +
> +    if ( r_only )
> +    {
> +        /* Set the default back */
> +        rc = p2m_set_mem_access(d, ~0ul, 0, 0, 0, def_access);

This will clobber the p2m default access type based on whether the final
mfn is read-only or read-write.

~Andrew

> +        BUG_ON(rc);
> +    }
>  }
>  
>  /*



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

next prev parent reply	other threads:[~2014-12-18 19:06 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-18 18:27 [PATCH v1 for-4.6 1/2] xen: fixes for PVH Dom0 MMIO regions Roger Pau Monne
2014-12-18 18:27 ` [PATCH v1 for-4.6 1/2] xen/pvh: check permissions when adding " Roger Pau Monne
2014-12-18 19:05   ` Andrew Cooper [this message]
2014-12-19  9:06     ` Jan Beulich
2014-12-18 18:27 ` [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0 Roger Pau Monne
2014-12-18 18:51   ` Andrew Cooper
2014-12-19  8:04     ` Roger Pau Monné
2014-12-19 11:25       ` Andrew Cooper
2014-12-19  9:02     ` Jan Beulich
2014-12-19  9:11     ` Jan Beulich
2014-12-19 11:32       ` Andrew Cooper
2014-12-19 13:08         ` Jan Beulich
2014-12-19  9:01   ` Jan Beulich
2014-12-18 18:39 ` [PATCH v1 for-4.6 1/2] xen: fixes for PVH Dom0 MMIO regions Andrew Cooper

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54932565.2020801@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=roger.pau@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.