[Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain

Mon, 02 Sep 2019 04:32:11 -0700 

Don't allow the hardware domain to access the PCI config space of
devices not assigned to it. Ie: the config space of iommu devices
in use by Xen should not be accessible to the hardware domain.

Note that access from the hardware domain to config space regions
where Xen hasn't detected any devices is still allowed.

Signed-off-by: Roger Pau Monné <roger....@citrix.com>
---
 xen/drivers/vpci/vpci.c | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c
index 758d9420e7..761aa40f99 100644
--- a/xen/drivers/vpci/vpci.c
+++ b/xen/drivers/vpci/vpci.c
@@ -319,7 +319,21 @@ uint32_t vpci_read(pci_sbdf_t sbdf, unsigned int reg, 
unsigned int size)
     /* Find the PCI dev matching the address. */
     pdev = pci_get_pdev_by_domain(d, sbdf.seg, sbdf.bus, sbdf.devfn);
     if ( !pdev )
+    {
+        pcidevs_lock();
+        pdev = pci_get_pdev(sbdf.seg, sbdf.bus, sbdf.devfn);
+        pcidevs_unlock();
+        if ( pdev )
+            /* Drop reads to devices not assigned to the domain. */
+            return data;
+
+        /*
+         * Let the hardware domain access config space regions for non-existent
+         * devices.
+         * TODO: revisit for domU support.
+         */
         return vpci_read_hw(sbdf, reg, size);
+    }
 
     spin_lock(&pdev->vpci->lock);
 
@@ -418,13 +432,22 @@ void vpci_write(pci_sbdf_t sbdf, unsigned int reg, 
unsigned int size,
         return;
     }
 
-    /*
-     * Find the PCI dev matching the address.
-     * Passthrough everything that's not trapped.
-     */
+    /* Find the PCI dev matching the address. */
     pdev = pci_get_pdev_by_domain(d, sbdf.seg, sbdf.bus, sbdf.devfn);
     if ( !pdev )
     {
+        pcidevs_lock();
+        pdev = pci_get_pdev(sbdf.seg, sbdf.bus, sbdf.devfn);
+        pcidevs_unlock();
+        if ( pdev )
+            /* Ignore writes to devices not assigned to the domain. */
+            return;
+
+        /*
+         * Let the hardware domain access config space regions for non-existent
+         * devices.
+         * TODO: revisit for domU support.
+         */
         vpci_write_hw(sbdf, reg, size, data);
         return;
     }
-- 
2.22.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to