Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
Hello, El 18/12/14 a les 19.51, Andrew Cooper ha escrit: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Thanks, if ACPI_HPET_PAGE_PROTECT4 is set then we can prevent access to the full page and if ACPI_HPET_PAGE_PROTECT64 is set we can prevent access to this page and the adjacent 60KB (15 pages). Will send an updated version. Roger. ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 18.12.14 at 19:27, roger@citrix.com wrote: --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c @@ -36,6 +36,9 @@ #include asm/bzimage.h /* for bzimage_parse */ #include asm/io_apic.h #include asm/hap.h +#ifdef CONFIG_HPET_TIMER +#include asm/hpet.h /* for hpet_address */ +#endif When you update the patch according to Andrew's comments, please also drop these stray #ifdef-s - if anything we should delete eventual other references to CONFIG_HPET_TIMER. Jan ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 18.12.14 at 19:51, andrew.coop...@citrix.com wrote: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Somehow the existence of this indication slipped my attention so far; I had always wanted to hide the HPET page from Dom0 if possible. Jan ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 18.12.14 at 19:51, andrew.coop...@citrix.com wrote: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Having just checked (as an example) the most modern Intel box I have direct access to, I wonder how many systems actually supply other than 0 here. Perhaps we ought to at once add a command line option to trigger the denial? Jan ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 19/12/14 08:04, Roger Pau Monné wrote: Hello, El 18/12/14 a les 19.51, Andrew Cooper ha escrit: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Thanks, if ACPI_HPET_PAGE_PROTECT4 is set then we can prevent access to the full page and if ACPI_HPET_PAGE_PROTECT64 is set we can prevent access to this page and the adjacent 60KB (15 pages). Will send an updated version. Roger. ACPI_HPET_PAGE_PROTECT64 stems from ia64 land, where pages can be 64k. I believe it can safely be ignored for x86, or perhaps used to imply ACPI_HPET_PAGE_PROTECT4 ~Andrew ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 19/12/14 09:11, Jan Beulich wrote: On 18.12.14 at 19:51, andrew.coop...@citrix.com wrote: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Having just checked (as an example) the most modern Intel box I have direct access to, I wonder how many systems actually supply other than 0 here. Perhaps we ought to at once add a command line option to trigger the denial? I also can't find a server which sets this flag. I wonder how many systems actually have other things sitting in the remainder of the page. ~Andrew ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 19.12.14 at 12:32, andrew.coop...@citrix.com wrote: On 19/12/14 09:11, Jan Beulich wrote: On 18.12.14 at 19:51, andrew.coop...@citrix.com wrote: On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. Having just checked (as an example) the most modern Intel box I have direct access to, I wonder how many systems actually supply other than 0 here. Perhaps we ought to at once add a command line option to trigger the denial? I also can't find a server which sets this flag. I wonder how many systems actually have other things sitting in the remainder of the page. One would think (or should I say hope) that there's at least nothing with read side effects anywhere, or else Linux'es exposing of the page to user mode would be a security problem. Perhaps we should also limit Dom0 mappings to r/o when we can't hide the page altogether. Jan ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
[Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com --- xen/arch/x86/domain_build.c | 12 1 file changed, 12 insertions(+) diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c index aa3bf0f..788f7db 100644 --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c @@ -36,6 +36,9 @@ #include asm/bzimage.h /* for bzimage_parse */ #include asm/io_apic.h #include asm/hap.h +#ifdef CONFIG_HPET_TIMER +#include asm/hpet.h /* for hpet_address */ +#endif #include public/version.h @@ -1516,6 +1519,15 @@ int __init construct_dom0( rc |= iomem_deny_access(d, sfn, efn); } +#ifdef CONFIG_HPET_TIMER +/* Prevent access to HPET */ +if ( hpet_address != 0 ) +{ +mfn = paddr_to_pfn(hpet_address); +rc |= iomem_deny_access(d, mfn, mfn); +} +#endif + BUG_ON(rc != 0); if ( elf_check_broken(elf) ) -- 1.9.3 (Apple Git-50) ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH v1 for-4.6 2/2] xen: prevent access to HPET from Dom0
On 18/12/14 18:27, Roger Pau Monne wrote: Prevent Dom0 from accessing HPET MMIO region by adding it to the list of denied memory regions. Signed-off-by: Roger Pau Monné roger@citrix.com Cc: Jan Beulich jbeul...@suse.com Cc: Andrew Cooper andrew.coop...@citrix.com Apologies that this reply is split between patch 0 and 2 - I replied to your cover letter before reading this patch. Denying access is only valid if acpi_table_hpet.flags ACPI_HPET_PAGE_PROTECT4 is true. ~Andrew --- xen/arch/x86/domain_build.c | 12 1 file changed, 12 insertions(+) diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c index aa3bf0f..788f7db 100644 --- a/xen/arch/x86/domain_build.c +++ b/xen/arch/x86/domain_build.c @@ -36,6 +36,9 @@ #include asm/bzimage.h /* for bzimage_parse */ #include asm/io_apic.h #include asm/hap.h +#ifdef CONFIG_HPET_TIMER +#include asm/hpet.h /* for hpet_address */ +#endif #include public/version.h @@ -1516,6 +1519,15 @@ int __init construct_dom0( rc |= iomem_deny_access(d, sfn, efn); } +#ifdef CONFIG_HPET_TIMER +/* Prevent access to HPET */ +if ( hpet_address != 0 ) +{ +mfn = paddr_to_pfn(hpet_address); +rc |= iomem_deny_access(d, mfn, mfn); +} +#endif + BUG_ON(rc != 0); if ( elf_check_broken(elf) ) ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel