* [PATCH] x86/PCI: make all config space writes subject to XSM checking
@ 2015-11-24 14:42 Jan Beulich
  2015-11-24 18:10 ` Daniel De Graaf
  2015-12-02 17:04 ` Andrew Cooper
  0 siblings, 2 replies; 3+ messages in thread
From: Jan Beulich @ 2015-11-24 14:42 UTC (permalink / raw)
  To: xen-devel; +Cc: Andrew Cooper, dgdegra, Keir Fraser


Now that we intercept them all, there's no reason not to also uniformly
hand them to XSM. Reads (which are expected to be of less interest) get
handled as before (MMCFG accesses un-audited).

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/pci.c
+++ b/xen/arch/x86/pci.c
@@ -7,6 +7,7 @@
 #include <xen/spinlock.h>
 #include <xen/pci.h>
 #include <asm/io.h>
+#include <xsm/xsm.h>
 
 static DEFINE_SPINLOCK(pci_config_lock);
 
@@ -73,7 +74,12 @@ int pci_conf_write_intercept(unsigned in
                              uint32_t *data)
 {
     struct pci_dev *pdev;
-    int rc = 0;
+    int rc = xsm_pci_config_permission(XSM_HOOK, current->domain, bdf,
+                                       reg, reg + size - 1, 1);
+
+    if ( rc < 0 )
+        return rc;
+    ASSERT(!rc);
 
     /*
      * Avoid expensive operations when no hook is going to do anything
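Review bot: `ASSERT(!rc)` in pci_conf_write_intercept() is the only guard against a positive return from xsm_pci_config_permission(), and ASSERT() is compiled out of non-debug builds. There, `rc` (which used to start at 0) would enter the rest of the function non-zero, and the pci_cfg_ok() caller accepts any result `>= 0` as permission. Failing closed on every non-zero result, for example `if ( rc ) return rc;` with a positive value mapped to a negative error, would be safer; otherwise add a comment stating that the hook only ever returns 0 or a negative errno.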
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1823,11 +1823,9 @@ static bool_t pci_cfg_ok(struct domain *
             start |= CF8_ADDR_HI(currd->arch.pci_cf8);
     }
 
-    if ( xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
-                                   start, start + size - 1, !!write) != 0 )
-         return 0;
-
-    return !write ||
+    return !write ?
+           xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
+                                     start, start + size - 1, 0) == 0 :
            pci_conf_write_intercept(0, machine_bdf, start, size, write) >= 0;
 }
 
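Review bot: the write arm of the new conditional in pci_cfg_ok() no longer shows any XSM check, so a reader has to know that pci_conf_write_intercept() now performs it, and that it does so against `current->domain` rather than the `currd` passed here. A one-line comment saying so would help. The two arms also test different success conventions (`== 0` for the hook, `>= 0` for the intercept), so an explicit `if ( !write )` with two separate returns would be easier to audit than the `?:`.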





* Re: [PATCH] x86/PCI: make all config space writes subject to XSM checking
  2015-11-24 14:42 [PATCH] x86/PCI: make all config space writes subject to XSM checking Jan Beulich
@ 2015-11-24 18:10 ` Daniel De Graaf
  2015-12-02 17:04 ` Andrew Cooper
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel De Graaf @ 2015-11-24 18:10 UTC (permalink / raw)
  To: Jan Beulich, xen-devel; +Cc: Andrew Cooper, Keir Fraser

On 24/11/15 09:42, Jan Beulich wrote:
> Now that we intercept them all, there's no reason not to also uniformly
> hand them to XSM. Reads (which are expected to be of less interest) get
> handled as before (MMCFG accesses un-audited).
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>


* Re: [PATCH] x86/PCI: make all config space writes subject to XSM checking
  2015-11-24 14:42 [PATCH] x86/PCI: make all config space writes subject to XSM checking Jan Beulich
  2015-11-24 18:10 ` Daniel De Graaf
@ 2015-12-02 17:04 ` Andrew Cooper
  1 sibling, 0 replies; 3+ messages in thread
From: Andrew Cooper @ 2015-12-02 17:04 UTC (permalink / raw)
  To: Jan Beulich, xen-devel; +Cc: dgdegra, Keir Fraser

On 24/11/15 14:42, Jan Beulich wrote:
> Now that we intercept them all, there's no reason not to also uniformly
> hand them to XSM. Reads (which are expected to be of less interest) get
> handled as before (MMCFG accesses un-audited).
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

