From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>
Subject: Re: [PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01]
Date: Thu, 26 Oct 2023 17:19:40 +0200 [thread overview]
Message-ID: <ZTqDjNSBmXeblsud@macbook> (raw)
In-Reply-To: <75026813-03fe-3a46-2274-b93e98f62f89@suse.com>
On Thu, Oct 26, 2023 at 05:07:18PM +0200, Jan Beulich wrote:
> On 26.10.2023 15:24, Roger Pau Monné wrote:
> > On Thu, Oct 26, 2023 at 11:03:42AM +0200, Jan Beulich wrote:
> >> On 26.10.2023 10:34, Roger Pau Monné wrote:
> >>> On Thu, May 11, 2023 at 02:06:46PM +0200, Jan Beulich wrote:
> >>>> ... in order to also deny Dom0 access through the alias ports. Without
> >>>> this it is only giving the impression of denying access to both PICs.
> >>>> Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal
> >>>> operation later on.
> >>>>
> >>>> Like for CMOS/RTC a fundamental assumption of the probing is that reads
> >>>> from the probed alias port won't have side effects in case it does not
> >>>> alias the respective PIC's one.
> >>>
> >>> I'm slightly concerned about this probing.
> >>>
> >>> Also I'm unsure we can fully isolate the hardware domain like this.
> >>> Preventing access to the non-aliased ports is IMO helpful for domains
> >>> to realize the PIT is not available, but in any case such accesses
> >>> shouldn't happen in the first place, as dom0 must be modified to run
> >>> in such mode.
> >>
> >> That's true for PV Dom0, but not necessarily for PVH. Plus by denying
> >> access to the aliases we also guard against bugs in Dom0, if some
> >> component thinks there's something else at those ports (as they
> >> indeed were used for other purposes by various vendors).
> >
> > I think it would be safe to add a command line option to disable the
> > probing, as we would at least like to avoid it in pvshim mode. Maybe
> > ut would be interesting to make it a Kconfig option so that exclusive
> > pvshim Kconfig can avoid all this?
> >
> > Otherwise it will just make booting the pvshim slower.
>
> I've taken note to introduce such an option (not sure yet whether just
> cmdline or also Kconfig). Still
> - Shouldn't we already be bypassing related init logic in shim mode?
Not sure what we bypass in pvshim mode, would be good to double
check.
> - A Kconfig option interfacing with PV_SHIM_EXCLUSIVE will collide with
> my patch inverting that option's sense (and renaming it), so it would
> be nice to have that sorted/accepted first (see
> https://lists.xen.org/archives/html/xen-devel/2023-03/msg00040.html).
It being Andrew the one that made the request, I would like to get his
opinion on it. UNCONSTRAINED does seem a bit weird.
Maybe the issue is that PV_SHIM_EXCLUSIVE shouldn't have been a
Kconfig option in the first place, and instead a specific Kconfig
config file?
Maybe it's not possible to achieve the same using just a Kconfig
config file.
Thanks, Roger.
next prev parent reply other threads:[~2023-10-26 15:20 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-11 12:03 [PATCH 0/7] x86: Dom0 I/O port access permissions Jan Beulich
2023-05-11 12:05 ` [PATCH 1/7] x86: don't allow Dom0 access to port CF9 Jan Beulich
2023-10-25 12:36 ` Roger Pau Monné
2023-10-25 13:59 ` Jan Beulich
2023-05-11 12:05 ` [PATCH 2/7] x86: don't allow Dom0 access to port 92 Jan Beulich
2023-10-25 12:49 ` Roger Pau Monné
2023-10-25 14:11 ` Jan Beulich
2023-05-11 12:06 ` [PATCH 3/7] x86/PVH: deny Dom0 access to the ISA DMA controller Jan Beulich
2023-10-25 13:22 ` Roger Pau Monné
2023-05-11 12:06 ` [PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01] Jan Beulich
2023-10-26 8:34 ` Roger Pau Monné
2023-10-26 9:03 ` Jan Beulich
2023-10-26 13:24 ` Roger Pau Monné
2023-10-26 15:07 ` Jan Beulich
2023-10-26 15:19 ` Roger Pau Monné [this message]
2023-10-30 12:24 ` Jan Beulich
2023-10-30 15:14 ` Roger Pau Monné
2023-10-30 15:19 ` Jan Beulich
2023-10-30 15:23 ` Roger Pau Monné
2023-10-30 15:35 ` Jan Beulich
2023-10-30 16:25 ` Roger Pau Monné
2023-05-11 12:07 ` [PATCH 5/7] x86: detect PIT aliasing on ports other than 0x4[0-3] Jan Beulich
2023-10-26 10:25 ` Roger Pau Monné
2023-10-26 12:31 ` Jan Beulich
2023-10-26 13:57 ` Roger Pau Monné
2023-10-26 15:10 ` Jan Beulich
2023-10-26 15:13 ` Roger Pau Monné
2023-10-30 12:50 ` Jan Beulich
2023-05-11 12:07 ` [PATCH 6/7] x86: don't allow Dom0 (direct) access to port F0 Jan Beulich
2023-10-26 10:48 ` Roger Pau Monné
2023-05-11 12:08 ` [PATCH 7/7] x86: don't allow Dom0 access to ELCR ports Jan Beulich
2023-10-26 11:02 ` Roger Pau Monné
2023-10-26 12:51 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZTqDjNSBmXeblsud@macbook \
--to=roger.pau@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=jbeulich@suse.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.