From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v5 3/3] xen: block access to IO port 0xcf9
Date: Thu, 7 May 2015 17:57:11 +0200 [thread overview]
Message-ID: <554B8B57.2020707@citrix.com> (raw)
In-Reply-To: <554B9F4A0200007800077B7F@mail.emea.novell.com>
Hello,
El 07/05/15 a les 17.22, Jan Beulich ha escrit:
>>>> On 07.05.15 at 16:54, <roger.pau@citrix.com> wrote:
>> This port is used by PM1a and should not be accessed directly by Dom0.
>
> I don't think this is unconditionally PM1a - that should be read out
> of the FADT if at all. I also don't think port CF9 universally serves
> as the port to do reboots. I.e. I don't think this should be done
> unconditionally.
>
>> This
>> also premits trapping 2 and 4 byte accesses to 0xcf8, which need to be
>> handled by the hypervisor.
>
> Only 4-byte ones need to be handled in the hypervisor, and you're
> not adding any code forcing 2-byte ones to be allowed through. I.e.
>
>> Also, since admin_io_okay is now a wrapper around ioports_access_permitted
>> remove it.
>
> ... this should not be the final result afaict.
Thanks for the comments. IMHO the best way to deal with this is to not
add anything in the 0xcf8-0xcfb to ioports_deny_access, leaving
admin_io_okay as-is. Then in the PVH io bitmap blocking access to
0xcf8-0xcfb in order to trap accesses to that range. Does that sound
suitable?
Roger.
next prev parent reply other threads:[~2015-05-07 15:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-07 14:54 [PATCH v5 0/3] xen/pvh: use a custom IO bitmap for PVH hardware domains Roger Pau Monne
2015-05-07 14:54 ` [PATCH v5 1/3] " Roger Pau Monne
2015-05-07 15:10 ` Jan Beulich
2015-05-07 15:21 ` Roger Pau Monné
2015-05-18 6:05 ` Tian, Kevin
2015-05-07 14:54 ` [PATCH v5 2/3] xen: add the RTC io space to the blocked access list Roger Pau Monne
2015-05-07 15:15 ` Jan Beulich
2015-05-08 11:50 ` Jan Beulich
2015-05-08 11:55 ` Roger Pau Monné
2015-05-08 12:09 ` Jan Beulich
2015-05-07 14:54 ` [PATCH v5 3/3] xen: block access to IO port 0xcf9 Roger Pau Monne
2015-05-07 15:22 ` Jan Beulich
2015-05-07 15:57 ` Roger Pau Monné [this message]
2015-05-07 16:08 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=554B8B57.2020707@citrix.com \
--to=roger.pau@citrix.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.