From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?windows-1252?Q?Roger_Pau_Monn=E9?= <roger.pau@citrix.com>
Subject: Re: [PATCH v5 3/3] xen: block access to IO port 0xcf9
Date: Thu, 7 May 2015 17:57:11 +0200
Message-ID: <554B8B57.2020707@citrix.com>
References: <1431010459-20920-1-git-send-email-roger.pau@citrix.com>
	<1431010459-20920-4-git-send-email-roger.pau@citrix.com>
	<554B9F4A0200007800077B7F@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <roger.pau@citrix.com>) id 1YqOBA-0003FP-Mg
	for xen-devel@lists.xenproject.org; Thu, 07 May 2015 15:57:40 +0000
In-Reply-To: <554B9F4A0200007800077B7F@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, xen-devel@lists.xenproject.org
List-Id: xen-devel@lists.xenproject.org

Hello,

El 07/05/15 a les 17.22, Jan Beulich ha escrit:
>>>> On 07.05.15 at 16:54, <roger.pau@citrix.com> wrote:
>> This port is used by PM1a and should not be accessed directly by Dom0.
> 
> I don't think this is unconditionally PM1a - that should be read out
> of the FADT if at all. I also don't think port CF9 universally serves
> as the port to do reboots. I.e. I don't think this should be done
> unconditionally.
> 
>> This
>> also premits trapping 2 and 4 byte accesses to 0xcf8, which need to be
>> handled by the hypervisor.
> 
> Only 4-byte ones need to be handled in the hypervisor, and you're
> not adding any code forcing 2-byte ones to be allowed through. I.e.
> 
>> Also, since admin_io_okay is now a wrapper around ioports_access_permitted
>> remove it.
> 
> ... this should not be the final result afaict.

Thanks for the comments. IMHO the best way to deal with this is to not
add anything in the 0xcf8-0xcfb to ioports_deny_access, leaving
admin_io_okay as-is. Then in the PVH io bitmap blocking access to
0xcf8-0xcfb in order to trap accesses to that range. Does that sound
suitable?

Roger.