From nobody Tue Nov 11 10:09:51 2025 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=kernel.org ARC-Seal: i=1; a=rsa-sha256; t=1565912250; cv=none; d=zoho.com; s=zohoarc; b=iKp6pHQ6caA5lSOe4FGEEl+UG2gLxWUWjLDM0g6oTsuDFsOXunst7MFTKoLpm3ncFy7RBW1tqb9ZJi4sDOymPQ2rawR2NclBpoHxgjqleNrTew1/w+tMbZc58M+7z7QP7CJ+pMXVrxIbE2k6utZ0v+NtgCHcHzuPaBkjkSV9MSo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1565912250; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=dGh4yFa0aEmEEbezeLXOYaX0xOwVa7zDRgo19ndmaBU=; b=meulrMSgPcIfTY3zCuPfMLcUd1UOmXJCkD9X4GBEgxhGF96ifCbm9cHRCGzoZU2qjDCEHXOFPfansZ9F0GJ/m2NaFzgGp5y1dw/zOoxwjG+rCZRx/iG7Rw5ia98/S3o1mVrmTGnhhudqb3esDRfkwzwHn8Eap9Jy2VdqgcXKpQU= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 156591225056342.76340608619603; Thu, 15 Aug 2019 16:37:30 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hyPIB-0004aS-Mp; Thu, 15 Aug 2019 23:36:27 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hyPI9-0004YI-Vh for xen-devel@lists.xenproject.org; Thu, 15 Aug 2019 23:36:26 +0000 Received: from mail.kernel.org (unknown [198.145.29.99]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 7efa37f8-bfb5-11e9-b90c-bc764e2007e4; Thu, 15 Aug 2019 23:36:25 +0000 (UTC) Received: from sstabellini-ThinkPad-T480s.xilinx.com (c-67-164-102-47.hsd1.ca.comcast.net [67.164.102.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9ECCB2173E; Thu, 15 Aug 2019 23:36:24 +0000 (UTC) X-Inumbo-ID: 7efa37f8-bfb5-11e9-b90c-bc764e2007e4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565912184; bh=AThwz4wThr4JPginnrcX3zZoiJJtt2Vt6Zaw7pTFK9o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ClFHFJFAkBu9scenHqEGBm63w970w+Cpw1/Ui2T35T2NVxwNgqefVIoifBBvj0xF8 vAqr6Nmy/Q+WrIq5nGJJMR/nKaq5ixqQo5n7yAeuaxawrvqRH+hcCRWd4dGlqXJ7G7 oCiO8tin/HjzIsCl6HFkksKWi2qJEwrQJlee7iYo= From: Stefano Stabellini To: xen-devel@lists.xenproject.org Date: Thu, 15 Aug 2019 16:36:17 -0700 Message-Id: <20190815233618.31630-7-sstabellini@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: Subject: [Xen-devel] [PATCH v6 7/8] xen/arm: don't iomem_permit_access for reserved-memory regions X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , julien.grall@arm.com, sstabellini@kernel.org, Volodymyr_Babchuk@epam.com MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Don't allow reserved-memory regions to be remapped into any unprivileged guests, until reserved-memory regions are properly supported in Xen. For now, do not call iomem_permit_access on them, because giving iomem_permit_access to dom0 means that the toolstack will be able to assign the region to a domU. Signed-off-by: Stefano Stabellini --- Changes in v6: - compare against "/reserved-memory/" Changes in v5: - fix check condition - use strnicmp - return error - improve commit message Changes in v4: - compare the parent name with reserved-memory - use dt_node_cmp Changes in v3: - new patch --- xen/arch/arm/domain_build.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 4c8404155a..673ffa453f 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1155,15 +1155,23 @@ static int __init map_range_to_domain(const struct = dt_device_node *dev, bool need_mapping =3D !dt_device_for_passthrough(dev); int res; =20 - res =3D iomem_permit_access(d, paddr_to_pfn(addr), - paddr_to_pfn(PAGE_ALIGN(addr + len - 1))); - if ( res ) + /* + * Don't give iomem permissions for reserved-memory ranges to domUs + * until reserved-memory support is complete. + */ + if ( strnicmp(dt_node_full_name(dev), "/reserved-memory/", + strlen("/reserved-memory/")) !=3D 0 ) { - printk(XENLOG_ERR "Unable to permit to dom%d access to" - " 0x%"PRIx64" - 0x%"PRIx64"\n", - d->domain_id, - addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1); - return res; + res =3D iomem_permit_access(d, paddr_to_pfn(addr), + paddr_to_pfn(PAGE_ALIGN(addr + len - 1))); + if ( res ) + { + printk(XENLOG_ERR "Unable to permit to dom%d access to" + " 0x%"PRIx64" - 0x%"PRIx64"\n", + d->domain_id, + addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1); + return res; + } } =20 if ( need_mapping ) --=20 2.17.1 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel