From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806760; cv=pass; d=zohomail.com; s=zohoarc; b=lNF7KgtURTq14BcWd9y8BOEpGL6e34ktE7xzGewHYYEFKV8M7JynrmYV/QxLnalOL7L425/pXByPCGQj2+9+l/AkNMKbC8YS9rzN/JTr3NMyVYtKdULsPuPTZnq3OAxui2OELVWSWHX/EqbNmTvo/qrg33Y2GSLvHXFy1Q+SlhU= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806760; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=85NF9wUGCDebSUIxy5wAPMqsl7IvRarqbL2JP+ygPsw=; b=ahbQ6Lwl7HDryCMzJmnnHkXFOqdKDGCBXsctAugcimlLa9rffdXqSVXzEdNVPQa9NSYUZ2KD99RC+KSLkfssf8Xl0xAuM5uOEcraj9zusnjN0ts6/rB19IfKo8bhDyfsP4Nnb+iZxGVgPUEc1ctmtl8dmWHptGqBAQEnKiKZt8k= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 168380676037410.539363365189615; Thu, 11 May 2023 05:06:00 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533313.829851 (Exim 4.92) (envelope-from ) id 1px52s-0007l4-CW; Thu, 11 May 2023 12:05:18 +0000 Received: by outflank-mailman (output) from mailman id 533313.829851; Thu, 11 May 2023 12:05:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px52s-0007kx-9f; Thu, 11 May 2023 12:05:18 +0000 Received: by outflank-mailman (input) for mailman id 533313; Thu, 11 May 2023 12:05:17 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px52r-0007kb-7u for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:05:17 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0611.outbound.protection.outlook.com [2a01:111:f400:fe0c::611]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 172baf42-eff4-11ed-b229-6b7b168915f2; Thu, 11 May 2023 14:05:16 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by VI1PR04MB7072.eurprd04.prod.outlook.com (2603:10a6:800:12c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:05:14 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:05:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 172baf42-eff4-11ed-b229-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bwluglEoMsGa+5Na4A+t6A1cK3Y+AiZEPl820Patmrs4jup6/2ePmr1+ksOzNXMJ6PShqua9wlv1ctjKx69//JoABg/y5xozXmaDyezZfHulrDVzh6IOi52XWcFlXM8Rxu1ioW6dxPFfEvaNSWXWUrI2TgVQUmTnjuxZJ2eqUW7kgusKeWpi0Q/L3jF6IdnQ3/fdmL9IlKVffGmvQsiU6mo+LOFUc8bIZ+w3+RlMcMMY3QH60al+YK5mgrSxXaJCQ7ammbyMu9YT+ge1iLnX7K2Nc3BwuP4M959fr0E+H72vfbaMHuP+1A5gBTmaFotTs5i3HDO0ExpRV8Q+HH16pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=85NF9wUGCDebSUIxy5wAPMqsl7IvRarqbL2JP+ygPsw=; b=j+0cOaR5AJb3eG1lhmEZkaEeZgLAIcFV1ppo8PGza5xmxMfMD29rSrdy1ER8Ld1DFeZGCpTYdlAWBsOlYjRvyAQkiOY/MREyy2xkWrj5d3MKlQhiCYBYTFYSvDV1O55jpXzeSAso/jFsoBt2NPjXdVyabN5YAnGK4iTnrRdvqwCdLD1dJ/7nsPt4oxyYTO9YngU18EuhIL3vVjTnAFPcWTC1U2209an7E69NMdpe6f4YZslKrCM+DtDlJ2ayErJ2KvZsYxAKWSqKBfMarEMNg/SlXowEJ5cLGXsgA1hsylJBnjFlWH3+GLgKJqFwl+xNRrdWDBg6yZSSZs7o7GmjYA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=85NF9wUGCDebSUIxy5wAPMqsl7IvRarqbL2JP+ygPsw=; b=fQxm5XDa0eDeggqUKV1E5Yt+gM4kS+D0F5F5b+sho++pK5GGn0Ocq8A/3Y4nGE+f8TJAsTXWv8HO3tFXquft8mZKjsJkwe+qZCnqH3AtibgkBajAaO8QEqmbkRs8aavB8E61nUVPBBl/TINaUA/7UHiWVl5rQABerspwcjS4s6iv7gI40tw0tf1G37O4DG//AJSrTbxTAs+YNKOZPUosoYDNLQsZbhB2PbmOdwGlGNcRu9qEjmoNt0rvIUgiHJZxvsJD8izoJ5YGeS7W1WFiyt8oBRZZbAueLl0o9C5H4NcJrywkX6jI3UKcr0iGuUo1zhDsYyaJjnweI12rl8mPBg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <74c9e6a8-9094-4646-d06f-cfe0a427bb37@suse.com> Date: Thu, 11 May 2023 14:05:11 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 1/7] x86: don't allow Dom0 access to port CF9 Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0025.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1c::23) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|VI1PR04MB7072:EE_ X-MS-Office365-Filtering-Correlation-Id: f45392f6-06ff-48dd-91b6-08db5217fa5c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: c49y1dds/UoVd/uTNEFmBLQ3oJz3rTX/ncFYN8Gl0Vxp9/gFlVVMjb34GVj02qh1ffhaFtwgGCK/0TcyoSiPl6jAzEPqWvScr7FRyVCRVCFXjHfrNG21Bw8Lhb2AnvbcHFnvTlEPqnIqTJxLpKmXCnDAXp+l0eLkOB1slj18S0l82ueaxP/zLWpM1PwOzYOr5eg9hJzwXbczTdzh1ENsABEvjoN4e9As4afw1G4oiA6N+Z/n6H4jTjHwhZPDA9xjzQ8b/PF9NF96wPlI5ueYLJWC/ifFLfliWKL4P9ZDiVpHChIWOcXnGIrpuwhyIe7UbajL97GTPPOkoSdNds0WIAb9cRuqknylSLIfE8ojxApptGb+Mzvqq0O14A+aRGzZLbEOVo7CKIVbc3L0o1XQ/y86l0lbgqQuTXfmW8aJwXVxZPldr3ZZBydvk6jter7UwOrgueTutF5wiHgAo1FgOkDC+kx1kCJj9eqqKphfnnvQsRMY12/zRONOJ/sLSolXuzFzR1tbGDAGnBfVG8QbfUT+S5R6dC1xJ02dLDZeLRxJbBoz9rJu26FqAYYqJccr18AvNmJ29JPZf1sT8F/znjdOYYhKSR1s3igq4LVxezLkWc3O1drs1yyxEsw9SqRwsrZhiT9Nfqr9eaMYkIo44w== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199021)(31686004)(36756003)(2906002)(41300700001)(86362001)(38100700002)(8676002)(31696002)(5660300002)(4744005)(8936002)(4326008)(316002)(83380400001)(478600001)(66946007)(6506007)(6916009)(186003)(6486002)(6666004)(66476007)(66556008)(26005)(54906003)(6512007)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MUtIL3NXMm1zME84QWdiZUJhWTdSTXp1WS9aOVdtRnIvUGNUbWsrRXpIMkZq?= =?utf-8?B?MUtPZ3RGUkFXL1VpVjNjMFNaTU9LQ3lvb1dURVVkS2xEUkJkMm90UG9BZDl5?= =?utf-8?B?UTV4MFhsVml5M1p3VTNVUmpUNU5RaEF0dkNhM2dJYW9vZW02bjdaclgzSUNo?= =?utf-8?B?U2RVaWRNWmZGa1U3dWFwVVJxdDNLejdPVmEzN0c1cWo0eVBmVUJMSCthT21u?= =?utf-8?B?SnVlZU9LMW81UE1Nbjh3U2F6Y2JUd0xCYndUNlo0aU5qWWg4R2RvRE5jb0hu?= =?utf-8?B?US8rdFZ6UGJjeXhFOURvTHhNZ0N3ekI4MTlvSXJwQVMxbnB2SDFiYXpjTzFs?= =?utf-8?B?czNtUSt2U3JYUkwrczRxb1NNV1QzM0lxejUxdVFzM2g3a1g1ODlFK216YXlN?= =?utf-8?B?UEVuS1lQU1dsMDJIWG9aeGdZVG1tdTh1Zmx6ZmlGdDE4RVNSVVVBdm5WZmVU?= =?utf-8?B?R0xMeVY5S0M4WFJsSDY1Ui81ekJXVzIxQWN6NHJUSm1uRnduK3FRejJXTWti?= =?utf-8?B?ZHNwZnZnK0I3aE5KbnlROWRzb0xLYTNqRHJtWi94VzZwSDJka3JUTTkzQ2dy?= =?utf-8?B?MEYzQVd5WTdqSVFzR2hzaSswejRXZWhweC8wTHBJTGdXS0IzL0U2T1NRNnRt?= =?utf-8?B?UjlxR3djcWUyaHU1Z1M3cXNXbDZEWUpVZ0dFeDFTc1VnYmI5V1lWTmV4bDNN?= =?utf-8?B?VHc0dk14Uk9QUFFwbHlNU3VGMmMycXo0MG0vTEJNYmxNYkErNmI5Z3VzNEtN?= =?utf-8?B?c2x4MUJ5Y01tQnhpUmVlbVYzVWZuUnp0enBDNlVMS1NRLzJGdldVNHhFaFhx?= =?utf-8?B?UXFQZG5XVURqRW42NElGSGZrbnd3TkI2SVp3NzhDMGpoK2lRMDhLZlZEK2dk?= =?utf-8?B?Q251NUlqVms1ZFBmMkdERFVSajk5Q21USmdvZndDcVBaVURRRU5HTHhpSEUz?= =?utf-8?B?Z0ZuN3hwRGd2Q3M3dlpsVGZ2Rm9OZHIvWUNZaG10dzBXeUtwMXpEbDdkSnZ2?= =?utf-8?B?WVVkT2RQTHZob3NtWWxLTytaMVZEY1dvNFJMK2V6QnlPYURZU1JjcWJSQjYw?= =?utf-8?B?OGRRSGx5L05na0xBNHFuWnhXMmQzNy9rRVdjV3ovenNxS3IwamNpcnlNTCtL?= =?utf-8?B?WmtuSTNuVE1ZYW02dmxiSkFvMEpJTFJraGpHNHlsT3N3Z2orVDZnaGlyTENh?= =?utf-8?B?SUZ2enJWR0pOOWlTbndFRk9JTU9iQjZKTmloczM5bW94QW9JcFpFVndkZGdr?= =?utf-8?B?bnJyNUcyWlZOK3B5MU9QMjdnYWgwV0hpbTNvZ05abXpVMFJVR3ZRckkvcWtm?= =?utf-8?B?OVNNR0hFTWpteStaZUVJYi9DRFRObDA5NkJmOWxhMEo4ZjJYUk54ZTYyTkc3?= =?utf-8?B?Rm02cWZ2b3VlNTJRd01PSlgzekJhK2FydG5YYTN6VWgvRW5PVERCK2lzYVIr?= =?utf-8?B?cTc4ZUduemJ3a2w2TksrOURBNW4xQjMvY1ZEUnRYTXREN0JmRkZteHZrNCs0?= =?utf-8?B?NHNTaVRrZ2UzZG1QV2J5T0UzekdPWGVtWVJ6emtZQ25DaWJSVU9JRVpwSTN1?= =?utf-8?B?RlhIZElOWkFlU1VUeGlTMzhWWUdQajJ1d3NESndCWXpMU0Y1azRydXZ4d2kz?= =?utf-8?B?YjhsSjJBMkQ5WjluYzl3Z2NPTnBleGQ5ekJGdG1XdnhsT1F4dllkMEtaZmMy?= =?utf-8?B?M2dlVHA2UVN0ZFRZREhrMzZjeXU0bU1lQnBhRi9ySDJNYXZFUUN6Ym9MT0ZN?= =?utf-8?B?enF3U2I0TDlNKzQrNjErSUQvZzRLRFlDQ2RtZDNLenFtb3VLWm9hNzlLRjU5?= =?utf-8?B?OHdhUHV1RjZIV1FVLy8zeGxjb3NCMXZ2ZDZSQlRGQWlUU1ZQdERsU1lsZThx?= =?utf-8?B?VEZMMkpxN3Q4RmpyRUFQbmNFays3T1ZvRSt0YnR1c0ZBSk9uaTJLVVBrRHZy?= =?utf-8?B?dlB0Zlg3T3RSRSt6Q3Q3a0JTVzFRV1RwVTBhSE9neTkxSHJmc0ZjRElVdTdG?= =?utf-8?B?Z1pwQVgxL3drcWNmY0FZOVpOZ3IzMjc5NXB6WTdPSGFYWTQ2d3VPWkN3ZWZs?= =?utf-8?B?QlMzNzFyRHpVUlUxUmNKWHBsWTRVZ2tQV2EwSjRQdGd1bkhFOTNMaVQzTGVD?= =?utf-8?Q?hQ3JxBXt4YH4HBc+P/UqpnVAa?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: f45392f6-06ff-48dd-91b6-08db5217fa5c X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:05:14.3150 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 414Kk9EEkJzByG44rXWxbzF+68rUKpIQ1ybXTnZw2O44GyKBPs81HIQ1nYmSYLJjpDc9Not9a/zw0yLyNv/eiw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806762489100001 Content-Type: text/plain; charset="utf-8" This allows to initiate machine reset, which we don't want to permit Dom0 to invoke that way. While there insert blank lines and convert the sibling PCI config space port numbers to upper case, matching style earlier in the function. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -503,8 +503,13 @@ int __init dom0_setup_permissions(struct /* ACPI PM Timer. */ if ( pmtmr_ioport ) rc |=3D ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); - /* PCI configuration space (NB. 0xcf8 has special treatment). */ - rc |=3D ioports_deny_access(d, 0xcfc, 0xcff); + + /* Reset control. */ + rc |=3D ioports_deny_access(d, 0xCF9, 0xCF9); + + /* PCI configuration space (NB. 0xCF8 has special treatment). */ + rc |=3D ioports_deny_access(d, 0xCFC, 0xCFF); + #ifdef CONFIG_HVM if ( is_hvm_domain(d) ) { From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806787; cv=pass; d=zohomail.com; s=zohoarc; b=iMrAxQX6OL/hBbdZMdyBREE0nKVLicj1vU08+9O16olNr53ffyi8UQEoByH4udBFHa02yA3dxnSRd3NPw66zXBAWiDXabMQj/f0kXfzah4nZzrPpMvw4fzl5FKbBgu0CmNX481FdhWIHgv61Rrin3GnkD1jgTjnHOnFB4un1vX4= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806787; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=CR+eUbj/5Je+MQ4vbE1qFcIftH2nxRaJNZbDsHnTN30=; b=R3Rh2oZ3GES8GwQLt/Ab3SNZ390QOYD8ZcMd3bqyTJYO7XJgDt/jJzCTvp9c27yiUajB4h7B0EwEkhgI1dRgHzY415p+FYp5HfsOsp6yZL1XzTjSLcfmkGZx5m4k/pM+RaHILcUpyIsaiQCE1KJiR4ohnKSckgs5PG1hD3lSEbM= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1683806787853407.08776352798725; Thu, 11 May 2023 05:06:27 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533316.829861 (Exim 4.92) (envelope-from ) id 1px53Q-0008Bl-K9; Thu, 11 May 2023 12:05:52 +0000 Received: by outflank-mailman (output) from mailman id 533316.829861; Thu, 11 May 2023 12:05:52 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px53Q-0008Be-HU; Thu, 11 May 2023 12:05:52 +0000 Received: by outflank-mailman (input) for mailman id 533316; Thu, 11 May 2023 12:05:51 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px53P-0008BT-Cf for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:05:51 +0000 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2062f.outbound.protection.outlook.com [2a01:111:f400:7e1b::62f]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 2ba90d4c-eff4-11ed-b229-6b7b168915f2; Thu, 11 May 2023 14:05:50 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by VI1PR04MB7072.eurprd04.prod.outlook.com (2603:10a6:800:12c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:05:47 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:05:47 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 2ba90d4c-eff4-11ed-b229-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WdselYRAYcXbhpzaS6z2V0aX9Eb2tElMtKD/HI3zCG3yFxoEOgLxGPGoPWc+kBYzOVinix1he5Mey9uM4+6NIhwA/vt432E2Xo9dQoInvPI7flemYA1n3/HuGxG20iNQPl22oOjwDi34d6jLQa5Jb5qA0UmJhGxxNFaZHutw88VqCK4GTuSucNDf1Fj26JaxlLpT0B/f1rgvQ3aJDoURlxSmFdORnFsB5ECrtG8ogh9zgLbC7vmuTONiYwQvB9adDg8Yl+0F3Z5pN9fd7mh5pTwUlsRrYxqEGxHvN9sHF13Vg+XoURQZuOLQ+NuLLDVAMzzgi9zyw/+kEzh7s+Ejpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CR+eUbj/5Je+MQ4vbE1qFcIftH2nxRaJNZbDsHnTN30=; b=dEYNR9elkY97Kh/NWmiBiv7wYpgr1QixASMvbvXk8YxOW9IZjkHB/LmXp6yZT+xIvOmn7GnrpM0T/OhtRC3KDG8NuQV7czzcXyeopSzx6VirYUUfORKsZP0DnYcysMpNfdlGf8XeLnWG1pYU4WVq/eAp3fpZ3zPfF7rZ1ahqHM7FWAt3yVW6iioByk3qz1Q3X9P1J4wXav1ljMd0m7mE5k74HYrYfiXKrgN3ri2DgQI5C5ZwtVDS8BY+YuODkuYS0nDB1BIzhshb49wV3yye45O7TEu7DoxETsvLgedX0XqC2+we7tWHwT+mmJIeDKKRW8FZcgma4T17uCSK0k+sEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CR+eUbj/5Je+MQ4vbE1qFcIftH2nxRaJNZbDsHnTN30=; b=gmvVD31Uzhmc3065LJVJD9vi3aSZRZ0SRr0ZKUUEJ4jDyYLsDie5v7UqSL1pdf9Vgf+kpazZ5/256oLgfhqcxswyI9hi3L2F/pja4Li0dHYZmk+Xl/37tSOs3VM0D7zUjVfPCZ0NrrkhSGQvBP+cfijzmhDqmi3qdimIWhAOdEsWW1b9UNMVUx8X+h9S7ewjqeelfLY2mfbgDemyPF6U4q+l1nzJ0rWllCAAnjhyKGEfUxA0rQIroNw24cU7nFPu8AsPYZkzj+ub0Lv362uX/EBKVPUruF1gIFalYs0uVURuNjmGeytL76RidoHWg1Da1SjoUvC6DQNUjtcACVfBRw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: Date: Thu, 11 May 2023 14:05:45 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 2/7] x86: don't allow Dom0 access to port 92 Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR3P281CA0023.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1c::7) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|VI1PR04MB7072:EE_ X-MS-Office365-Filtering-Correlation-Id: 33aa4a28-5125-4ced-661a-08db52180e4a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: HM2sNlcV4vHZe7NyVOKjkwNirF8rzK75n/dcGPlPlZ5mnucRyJCOboYRuBDhAK4NoavUUR71AiXbu6EoiY4AJlYi6FBV1maIV76FXFN+hs+aX74FV2frTPisNepXVPVgFsxe8/7lvdUxcfeXkvnXrTN1Ap3jOWSlCPGI6ycMy0GDFufj6JVRj1jaKNTKEoJQ5JUWPHh+eoSIddZJFB8s3IcxaURbL4/z9GG4BylrhmvzgorDAe5e/nEaa9LD4GNwGQwZmGgsIatwPZKZCc5xE/jCgkr2arQGr4vAN9xnu1p1klWQFGExQqPXLyh+ySxjbr9NncAn6PIf/ER8Xd7B/BNEcwRslv25kJPH4P0wHJ2iF/4yLE0WY6yVGEXomOCvJymjS9zFCTEeLq64pdt/6+hHqnDTJzqIToKsJw0ImORpPmqMrf245cyFx7AEeR+tVV7HIkmD5jgxwpult3DFoTUCJAwKv68hI+BXI7FCb0siKigC4P0dRSSM860MzQnNSeGmFLpej4gA5MS16ir4JPrccOQNqBb5IaqT8d+V5qId676Fm0WMNyTmUAKyzsgG6ohrppBeglspV8bBklRjM9Rp7aDOO/JItrafBalPmuVHP+FA00DL3EHosXgjbgByAL9pnIXd2EmkSBg3hQtvPg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199021)(31686004)(36756003)(2906002)(41300700001)(86362001)(38100700002)(8676002)(31696002)(5660300002)(4744005)(8936002)(4326008)(316002)(83380400001)(478600001)(66946007)(6506007)(6916009)(186003)(6486002)(66476007)(66556008)(26005)(54906003)(6512007)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?TVVjMzZ3ZmwwcWhKUExTMHE3RklyQmRNNUFzcTBWTm10Q0tJVWp2NVJ5dXBy?= =?utf-8?B?Wk55YURGMEZ5TEl4dm55VGUwT3JaaW15Tk9ZaGpUYzFOU3cwSms4bTlNalJY?= =?utf-8?B?TkhrT2IveGJHbUVKanlweUgwaW51ZWhySXhNa2cyU3VNckVpK3ExYzI1b1Bh?= =?utf-8?B?bXc0Rjdka1ZOcWhJTGlzRURDQXViS3BCTWZVc3dlcnJMamFFZDU4NmZMcWRl?= =?utf-8?B?VU9CUnpzdGsvTzhrbUtHbXJWYjRLa1hMN0FycE5rWnlvbWRWU0hrR2tGdW1n?= =?utf-8?B?NHdEbjNsUlFTYVlZbEJoTGtTeHVPbm1DaXA4YXhxM2Y4ZDVYcExqenhXblVZ?= =?utf-8?B?ZzM5eVgzRVdJVWg1bmxWZ3p4cG5kS2dVVWlvQktSQTdhVjQrM091NW9MUjNx?= =?utf-8?B?VW5aQWducExXUWxXVVA4b1RBbnlmOHQwV2pyQ2tFZ0JlVXFiOXcrR01Wcmgw?= =?utf-8?B?amRWMEd4YWxTRG1OSUppZnJCV0hlbysxMDhzSVZUNUlBL2xOV0NSNHVabkdw?= =?utf-8?B?ZFNlSTYyUW1mcElmWnhPYU5oRW1UaXdYTEo3d1RPZUlpRUQzaWFiNkFPOTRZ?= =?utf-8?B?MXJpZEY3RjFvV0NOaWJVS1Fodk9aRjFXVy9CNlR6bloxdnRUN2FwU21UYWNP?= =?utf-8?B?QW9VVmlkQlJEWWZadVAza3RuZ2dRQ3hXMWRQNHBGNjVWOCt0NTFOZGhrVHgw?= =?utf-8?B?bVBheENZOWRaU2U4anE4K2ZibWJBSkxvRy9tUURXaXB5blpyMUtQUXJlcVRB?= =?utf-8?B?cjg2aTV0dWFGUjdFaTZmTXZuMEwvWjQyNGRNclAwUStLU2YyQ2tZc1dKK085?= =?utf-8?B?UThWZ3VOMkYyMCtyRC8rNkZoUndBZ2xHa2dpVzZnN0dLK0dYTTdzV1NkajNY?= =?utf-8?B?SkxiSFFXTjg2b2VrVXpNbXJJTzZPNnlNZGFoS2tpdmdKWkM2cHg1WFRtc2NY?= =?utf-8?B?Nm5NYWx1VzlGa1FoZDZyRzZ5OEpmK0pBS2hySnRJNjZnd2ZzNm56cURZc3JN?= =?utf-8?B?Z1dHYTJsQ0ZVYnY0aFFreGNxOTJXNGVCT2pMVDdQSDV6Rkp5eENjRGJRSVgv?= =?utf-8?B?NGpUZmxhcmdLOUtWSDM2VkVOLzlwc3ZwN1Q3dEF0WXRPaitlUEsyOGZ6aE9O?= =?utf-8?B?OXlhS0h4eHZLcEJyQ0ZxMVk4L0VRKzhMU3VWWkNGYm9LcHZiU3U3c0RZZ2pJ?= =?utf-8?B?RFdhTnVvRnVMZzJPSU5VckFnZ3l2NTJCdlZCdStueVZRd2U3VVhyZ1VqWXhX?= =?utf-8?B?NlVJMnBjOVlUNGtZMXV6MTlXeXpiYmVueTJCQlRXR2d1WXpVUEZETXlXTHZ3?= =?utf-8?B?c2VMRDdtV2JwRTJwRDFOaVk3MkNscVdoYU1oVDV6L1k4S1pER29ydXFFZjF5?= =?utf-8?B?VURLSTR6Vk92ZHdKK1FQcmk0cmdGWE9lbkE2djdNaVdqZUtPcE1Md01vNkZM?= =?utf-8?B?c2tMV1ZUYW9Vc1krYkxQN1FXMUxXUW02NnUrcXYyUGczZXRPZUkyQkkyMFhI?= =?utf-8?B?WlJxYW9teUprWGZtRlZicnFVWkZwYnVDcEZTYk9EY0cwY0hUVXAwZ3g1enJG?= =?utf-8?B?NmJyYVBDWEJKd1lGbUdkWVM4WDhvY3NZRE94VTB2R3RXMElUZURWcmRTaUtl?= =?utf-8?B?NTYyNERVYlFQeHR0ZXNwc2lsVWtjSlQ3Y1drY2wrT2RwUmFkVmRwMHEvbDVq?= =?utf-8?B?N0owMGo5TWpxVlg5b0VocDhubnNlTmNtNThCWUJtbHlDaVp6U3FzTm1wemJy?= =?utf-8?B?bnROaGdBUk1jbGR6MjlBMmRPdHBJWU9wMk9BYS82YXk1WVhVS3lTSEVBSVRL?= =?utf-8?B?MGRrdEtSaWhDeS9tRkMvQmRtV2JSSlJRRDJFSHFwVjBwZitHYnBjZkwwWjdo?= =?utf-8?B?aUt6a21ZZ1RvdE9wNUxmL0hDeVNrWEd1eEthTDNUNWVaeWFzUW84a1B2WHpO?= =?utf-8?B?Q1YwMDg2Zk9vV29KQ3FOWHB2ZFFNdlB2bExadWRHaW1HVVhDSDJPeERxaVgz?= =?utf-8?B?NUp3bnRLK1JMbjNpRGU1NW9mTjNyZ1VFRFNheTVYdWFvRmpaTDArRzlwUm9i?= =?utf-8?B?S0pkZUtwYWRGcjJ0ZGpyMG5RbnBHRmtHbjJEMjVneURUc0s1VlpZRGVkVXhj?= =?utf-8?Q?FRp6Wq2q1EAL9fjrPLn8QTOYI?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 33aa4a28-5125-4ced-661a-08db52180e4a X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:05:47.6798 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 9nbRYqbki1naMA/9xJWjk8F753BmG7VTR0U/KIGTSvkEF5vVfyrveuwMg7Xv2T7ChHxEMrWfqPEO0VSg/Aj61Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806788959100001 Content-Type: text/plain; charset="utf-8" Somewhat like port CF9 this may have a bit controlling the CPU's INIT# signal, and it also may have a bit involved in the driving of A20M#. Neither of these - just like CF9 - we want to allow Dom0 to drive. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -500,6 +500,10 @@ int __init dom0_setup_permissions(struct rc |=3D ioports_deny_access(d, 0x40, 0x43); /* PIT Channel 2 / PC Speaker Control. */ rc |=3D ioports_deny_access(d, 0x61, 0x61); + + /* INIT# and alternative A20M# control. */ + rc |=3D ioports_deny_access(d, 0x92, 0x92); + /* ACPI PM Timer. */ if ( pmtmr_ioport ) rc |=3D ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806833; cv=pass; d=zohomail.com; s=zohoarc; b=gTj/HG13S+5+7uzBxKNvODrb9UXHNbOngTrBj9DKRkFqXHStev1ZZue3b3OtvxhzOcWDlbuG1sQ3wHnzCnIB6yIJip/5orCygtS4T69Cf5vv++xjklN53aWT0+/HjVvc0AEI4KhYGjIPI5lXmb9rfjPE7oB7Sc8/UaB3AWJe0Zg= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806833; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=tKCZe8aIk+i5ppy7aKMs7dwLZsehuRpn4OGEOjQsCn8=; b=E6vfjTJ1eilDVHBmGBwyZHieutVKQH4GlNRMsYeIQbbkT/X1dn81bYwRvszD1q79s/zoVVDim1I6NdNZM4LjOVGm+GGrQ8gc6U1ensXnEU9svp8/SC28Ehqw41n0mxaGHSK2JNqx0qoS8pb5mmszjnKDKLpXuh7Te/AnYsXXc6s= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 16838068332504.946183168755738; Thu, 11 May 2023 05:07:13 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533321.829871 (Exim 4.92) (envelope-from ) id 1px544-0000PG-2P; Thu, 11 May 2023 12:06:32 +0000 Received: by outflank-mailman (output) from mailman id 533321.829871; Thu, 11 May 2023 12:06:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px543-0000P9-VC; Thu, 11 May 2023 12:06:31 +0000 Received: by outflank-mailman (input) for mailman id 533321; Thu, 11 May 2023 12:06:30 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px542-0000KI-C4 for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:06:30 +0000 Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on20628.outbound.protection.outlook.com [2a01:111:f400:7e1b::628]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 426e7a90-eff4-11ed-8611-37d641c3527e; Thu, 11 May 2023 14:06:28 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by VI1PR04MB7072.eurprd04.prod.outlook.com (2603:10a6:800:12c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:06:27 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:06:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 426e7a90-eff4-11ed-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M9rNuV6oyWbE2uBeBsPkTsuA1LQEhfWPJGlfDdTG+eCc4nFJ9IvPLhcjAyF9hOdhwjxn+NG1VLa8NvE4YyNAtD396e3nBBDGkXgDcPzrse7LzbcRk8/1NgzVSy8cX+L8zXbvMbhNJ0VPxSjk3bOTht9crGPsxjket+YvozCZav5xMzfSyOMZKoJTCi82lqOzukmKIGyliK8SbA+NjuMaNgOsWUujjVrrrvqv2Vq0ssj8wtZYEzu3ijpSYklIXwIwhXHJxIdtRHLf0b5PZdiOFqJ6GQadFluIrXLoM4cY50wK94dvB1g9hfMrqYIbGVz0so8YcRyw9cU0QO5X8FZDjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tKCZe8aIk+i5ppy7aKMs7dwLZsehuRpn4OGEOjQsCn8=; b=VP0tD1NzrJa8S6aWmgsv/IJZj5kG0/rQ3LkhxYSLZ3RABWGyBqpazCta2KweHVmHklcOf5jw5uBzwRXFko5vlbr1GT0zeg1DLDYTGDkTovPETsSxclUfa9TEPlzDTTHJaUJdImimJNlrrabzMIIsFbF2mVoa8saYmdlqQO/VESQrqrUjeWO52mSPMdH6Lhj0hbZWDyCfy694ukj1KixHmnZRJVPWa5ZD70KJm95h+bJbJolHyzr50TFcHNqAFzuUSjMAHtcP/9F3HLeaqP4zcp9eY2wOdMmop3WCZD5955oh4Q55W2gi9O/XTMLuYgrQtS8d4kVmaJ1ID1Oc80NyvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tKCZe8aIk+i5ppy7aKMs7dwLZsehuRpn4OGEOjQsCn8=; b=L8OXzxY91fz/m6MhXXbcOq7WdAXBqT5zMoJkmBOg53zoH1KW4xP2Y/g1Ria0APjRjaAJv795aDcCnhVxu86eiXC7/ygIe9mYc3EUYjSnju8wo91yLgMNlAiviYxEErC4sXtb+NksoywKOEyAaBTATghK//yjXph8Thj9i5n/2ICbTfINUFWPiEf1vqrCfl0LWy1bTQJoHNMKGQiodbsubX8c1UqaFDrEei0WLEdzItz4PAzObQKWRmMKmlnLbloY9Dce18o3BHgJiEasCyF3t8Fgf6kLDxG97KanDXszvvpdaGpuqNVVgXckUsuvudEfL8b9wuDp25LnoNlfCU+POA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: Date: Thu, 11 May 2023 14:06:25 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 3/7] x86/PVH: deny Dom0 access to the ISA DMA controller Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR0P281CA0018.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:15::23) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|VI1PR04MB7072:EE_ X-MS-Office365-Filtering-Correlation-Id: de9a531f-cd8d-43a3-9e1f-08db521825d7 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YBmn72Z+88o0bYT92PouPSfxs2iuuPRfekHVGWd7ri6Eg7N/7RfG5m5/Jy01klu+sFGO0uc24lBNfD+ID2kKQJnfgcEYIiDZJ/RCsHfMubQBm//tiRGbSpKu+tPkkBkJMQ7yQeYQrEVkHZapWB5IV4lvHF9UtoJVFsFgOu5Uw88w6qLCobOu/03LAQbmhhz9E0UeN7rZ085tMJUT+rlRWJipUvn1RJDVUC+X0QgBaXqMJBXYuDENea26tkOZBPiN369t0GlFDPnZB2EtT0Y8+6utLlSAGpAV43yvrKaNpNxJCX/eZf2e/yzy8fVNilpPFLkhMYHIZO7bj0k+WJYzdZFHAAOzADsKwJqU1eos/SkYx4keRyjt3uI8UIocJpbflOJpTLedKvfgPpdLNdrTOLJCNRd/kZxdp43KpFvHDwy7PDt4JhplzfLZSto2JYjwMvgSZNSQkH1Crpe1MEHd3KQMMEC9A+Zsumeyegc44n6LF3K0yCCJKhXgBiu4RvOyorhDerB2SB/KtglrlZaJrqIZz2fTFEfBhSH6zPSWFUou8uo8KRhPRHly5yITPtNYEjvoXLO4TxqvBLKoelZYV2cwz3eAI7v/LEbBOxrrBSJdur1JKPVx+Cmc0EWY5xFjRLqoJjxs/GOljdIGOIW5m7gYBPeN00vfoxOrsV9+5sc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199021)(31686004)(36756003)(2906002)(41300700001)(86362001)(38100700002)(8676002)(31696002)(5660300002)(8936002)(4326008)(316002)(83380400001)(478600001)(66946007)(6506007)(6916009)(186003)(6486002)(66476007)(66556008)(26005)(54906003)(6512007)(2616005)(43740500002)(45980500001)(309714004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?UWl2RXdYZ2o5R1RFcnNmQnh3Z0pKaFNvc2ovQWRwQlI1dGVvVTliZzlpMGdm?= =?utf-8?B?K3R0aDErbTZlN0VEazBPS21Kam1WQlFPNlZUK3hrWENqdWRWRC9ySUIyRU9K?= =?utf-8?B?MEs3c3RjZC9PNWZUL0Y0UGJaSW0vZ2s0V1BDTXJ5T2ZOTDF2M28vZ2xIOUlx?= =?utf-8?B?K2RMNkcxckZoS252NlBRYUJrc2xTVURSTHY2QVhPLzd4OWhCekVvbE5NUmhu?= =?utf-8?B?bGZQTnZ3VFFvK1R1MlYzVU1yNFNGdFZWRGdIQzN2cnJjVEljTS82dnBVdUdH?= =?utf-8?B?NmZJOWFyaEk4QkdKTHgrS2dNRGxXYWlmR3Z5T0dYME1YTlRCREh1eUFZbkRn?= =?utf-8?B?SjJ4SUo1ZzBwZkZSamVnbmQ0ZzJyTldGTVlkcnB4eFpScDlLQUZTU0RvbHdQ?= =?utf-8?B?LzFTZW1TSDJmeEE1Uk5hRHVYQW5xbjBOR2E3U2JFYlpsSXBYQ1JrUnYxVjNI?= =?utf-8?B?bGxaNmJQSVlYZ3VhL2NPbm9zNnIwT0ErQ2NkUHhiZ2Q3RVZxYXVMbVVjamxy?= =?utf-8?B?OGhWVjZoL2xvd2N1QkNEV0Q3eEgzVUhlY3pWVi9HU1VPTmMzN29jNXFhUTRl?= =?utf-8?B?bVBZTTR5bTRpTjFNQjhPVWpWS2x0Zm1SbVhFWnNMbjVZUlZGOHU2ZURUNllY?= =?utf-8?B?Q1FNelBlZGhOZjdSVTUwSW54T0hPR2FBeHBkQjZMc0hpT3hzaWtPcXFUYVhJ?= =?utf-8?B?SEVIbUJreGZ6cjd4NFdHTFgwdEt6UDlDWTJGMkdMMWMybXdxMCt4SEt2REdn?= =?utf-8?B?QWNNLzl4MnVIWFRld1JDZzhpaDZBaVZqYjlQSnJBOENaaTEvUUVNcHlmbGNW?= =?utf-8?B?dVc1eEVJOEdzaTNnbHg3VlIzYWNjWjhYMTBDWVk1SXdLaTdnY0JiRmtxY0pw?= =?utf-8?B?d1BaTHA1Ym1HTGZ4TzdZRWozbFdxdXFOTExkeTM4RjkrbmZaRkRZSG16OEFx?= =?utf-8?B?Tm5zZit5akY2TEhxTDJrQXBYc2MrbEE0eGFyRjlLUDROWWRHRFBkR0FmVFNy?= =?utf-8?B?QW5DMzNVZEVNZzA1bFk5bFJpMUlVTnFoNnRRc3hWWk5VbWdiMzZTNUIxQ0wv?= =?utf-8?B?M1hFVVgzWWt6T281MEZ6T1ROY1BLNTQveHBBczI3SjZoakZDKzZNUEJrUmtQ?= =?utf-8?B?NzhkRUVTeDN2RExOcGdaQlduUDZpZlhDamRTUENZQjBhZVhvV1g3NFhqNzh1?= =?utf-8?B?ZlVZbFFHanpjM09DODVNdU9YMU1EVE1QWUZqVjVaTmhDOExzb2U5ZEhDbEV4?= =?utf-8?B?cFI5bVVSeEZPUWsyM3B2Y1ErWHhXV3hPbnJjbFZrei9ZSzd4K1ZWVkdhVklC?= =?utf-8?B?c2JVT2pLc0VNWndac3R3aTc4SjdzL0Y4V0Z1ZVNwQ1NsUW5QMCtaem42UWkv?= =?utf-8?B?cmc2Z2VCcVBzNm5rVnYzajJSWWlUM2JLWDZzZDd5K3MzMS9aaElvRm1PQ3F2?= =?utf-8?B?WUxPeXpsN0dzOFBnRVRNZ2hydTJWOWd1Y3Nabzc5dDBQV2VXVHFsTFVUUE9D?= =?utf-8?B?aU9KRm94Y0huUVgwckh0a3IreTNrbXhoSmdOWmJuVDM5ZjR1M3lHWVhXR2Fs?= =?utf-8?B?SDVoQzdkaW9IQWJ2MTJESCszTTd1WkZhYkVMVFduNUIxaGN1YnEyT0VqbnRI?= =?utf-8?B?Q00rb1BObHE3cHZLWHRyZUlQL3ZCNFdnZnFYY1VET1FCT3RhZ1lVRFNrdnNM?= =?utf-8?B?aXhDb3doeEdtb2ZHZWUwMlp5NkNlTDhXUVNtQy9QS0V0Q3dnZFVTU21zZUFz?= =?utf-8?B?NlpIS2Fkdm5CVFZKbERJVWsyc3BvMktuQ1hURGpJNVkzdGNlU1BZSDAvQ0Q4?= =?utf-8?B?SGl0TURmVklwS0YvaVNXdWorVXdXRnFHMjJJTTNYVGpMdlp1UEp2TXcxdENI?= =?utf-8?B?cWhoZzJKSGZtUVhpV2czcFNuVU8xVWJERlFrQjVxclNGZGhHOVRnZWFjeWJ1?= =?utf-8?B?L0lHZ3FEcHNLcS9ySmZzMGtkUGtLU2VKMmMzTWNsRjAxYmtvT1RTL1VTdG0r?= =?utf-8?B?NEhOdGVGMXRndk9vMTAzWWs1QUhXWDRMMDY2R1A2WFZkRE9FYTVETC9tcGxr?= =?utf-8?B?WVo4eGtPUjNkMW45N3M0RzB2anJIOWVjMmFmY0FTNFE2NDhLeGtsWnZIR1RK?= =?utf-8?Q?KlfjQpz8fyUMeIvdBDASBTvp3?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: de9a531f-cd8d-43a3-9e1f-08db521825d7 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:06:27.3118 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dj2AUvX/4qBhIP5qtpanOsatBrePftGCSjjHzxVUY2MCzzmeW0xrvjAo5D5RZ9pXN6C93DBgWDoEYRm1Q6xpkA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806835297100001 Content-Type: text/plain; charset="utf-8" Unlike PV, a PVH Dom0 has no sensible way of driving the address and page registers correctly, as it would need to translate guest physical addresses to host ones. Rather than allowing data corruption to occur from e.g. the use of a legacy floppy drive, disallow access altogether. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- The possible aliases of the page registers (90-9F, except 92) aren't covered. Unlike the possible alias range 10-1F, which I think is okay to include here blindly, I guess we'd better probe for aliasing of these if we wanted to deny access there as well. This is first and foremost because the range having had wider use on PS/2, and who knows what's been re-used in that range beyond port 92. --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -517,6 +517,13 @@ int __init dom0_setup_permissions(struct #ifdef CONFIG_HVM if ( is_hvm_domain(d) ) { + /* ISA DMA controller, channels 0-3 (incl possible aliases). */ + rc |=3D ioports_deny_access(d, 0x00, 0x1F); + /* ISA DMA controller, page registers (incl various reserved ones)= . */ + rc |=3D ioports_deny_access(d, 0x80 + !!hvm_port80_allowed, 0x8F); + /* ISA DMA controller, channels 4-7 (incl usual aliases). */ + rc |=3D ioports_deny_access(d, 0xC0, 0xDF); + /* HVM debug console IO port. */ rc |=3D ioports_deny_access(d, XEN_HVM_DEBUGCONS_IOPORT, XEN_HVM_DEBUGCONS_IOPORT); From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806852; cv=pass; d=zohomail.com; s=zohoarc; b=Pnib6Y5My6CpHVAsR49i2sMSYi1qC6YezHPvW0KyIJeZh4c/JRd8+JYL2rtFnb5r0exJlckLeQ7xLRi5k4DGwKY4PiRj6F4y24Q/2T8/0tvQncmaULdwojWQyVzy2mnRWMcwcYuAOTspPehzyDzQ+jTv6FqdWD040TBAG+viyqI= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806852; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=rthJQS7crBKjl3ZFrOs6SFetUwu0mLQJ0JboEF0Txzg=; b=bq5vdwo12uChiB/taGIr+P1ffBC4ELIAdRuimYAti7laOP7q9iKLuAcRZSnckCcQQXnP92pBub+bHdVfowOSob19IJFeImmnId/4RX/EzVP1HOnP+nYpfEiqsSToO6tvL5gjIMxRE8YulE6jMWBG6OjAWBWgCvamcQKJwIcj4UE= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1683806852976549.3036198499503; Thu, 11 May 2023 05:07:32 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533323.829881 (Exim 4.92) (envelope-from ) id 1px54P-0000s0-A2; Thu, 11 May 2023 12:06:53 +0000 Received: by outflank-mailman (output) from mailman id 533323.829881; Thu, 11 May 2023 12:06:53 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px54P-0000rt-76; Thu, 11 May 2023 12:06:53 +0000 Received: by outflank-mailman (input) for mailman id 533323; Thu, 11 May 2023 12:06:51 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px54N-0000KI-Nq for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:06:51 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0602.outbound.protection.outlook.com [2a01:111:f400:fe0c::602]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 4efc1d0e-eff4-11ed-8611-37d641c3527e; Thu, 11 May 2023 14:06:49 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by VI1PR04MB7072.eurprd04.prod.outlook.com (2603:10a6:800:12c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:06:48 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:06:48 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 4efc1d0e-eff4-11ed-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=i5Wgd725Hb5qq7bRrYHcOI4VKkdQuVNrO+SV8QoMAL50eW87DCuI/gtADXKGo0bsTw+LFtDeAJixHJhdxmBjNN3mMPZ83McpxKmt1orn9F8TmSDZP6SuZqMIsIom+TfN9uLMtI2ernXBFv7b4jeIMdFAZwK3yYzDYA5CwmvCJ9mc2NjoiRD16Q70vUSyxvI8H8yS27/GjqKd4FncQN0upa/6FmIe3Y+kJ1h1iqbHCwC8HbTeFZ9QUh3KH2ZAVdl1bQFtSAiVX61BzYQv7rvyP6n/DSbItfsIhqjqxStjjB0SvUBsvhcqnm2uPYdSghO+n9dKey986et2h3uCn0nnSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rthJQS7crBKjl3ZFrOs6SFetUwu0mLQJ0JboEF0Txzg=; b=LKxZ3wFOrPdP/8LXdsJSK9EtYo9p3h03s44LSJFMXoSInx+Ts5c1pyR7eClW3+DN379bJpS5fZuxyZMZNb6GTcZwJ85Rq9P0TrB8+hlcsaWVLLBoBm0Rw2ypNqmxb3g4P3ipJDVCK8yeXNvl2OWy8aFhvCSZu8m7S6q0lCO8cKv+YxwRMpUVtKbkIlQI7Fw/r7c//7QZlEjGaR06keefI2OX+EfONJ8hzLFmt79Z0TedxSiQDi+I2rx5ccTm6KwsF3xvcEwqOCbH5WKVA8lbC7r+RnUm0iOn/BDERgROHZJKLjPD23yfmsvhb2UUQq8NPsqaNJ5I/hM6b+s8WdZNNQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rthJQS7crBKjl3ZFrOs6SFetUwu0mLQJ0JboEF0Txzg=; b=uMue81MVy677rVdiSdhiIU7aDIlX64wsbjVLgVmpeafo8DYKGe1u80XCVnmKe9Cqtb0fx49GcKTGFJ2Z3voVzfheyqklq5rJ/ZRJ8AY58FSCFgHlDx5cdyDQi8ruEbz2tB9u4GnK/3tPEXKmtrMHCd8MBRnHvGZlr4YcF26WUvT3yyP3StLGAHyIXbRHMRAnQnIL4vU7s+H5avvfNgUE4iOYPnEUBBBXPWGDT8jPpf7YJZ0HKhpC8nPYeHVVlvT/2jsXydUwJOvJw+HBz43I0hEjMa5sj/WImEvHgxNwPGjVFp5+DkVwdBXEf9nHivX0dDOdmGJlZ3/Th5uVbVUnsg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <27dd8f40-1ea6-1e7e-49c2-31936a17e9d7@suse.com> Date: Thu, 11 May 2023 14:06:46 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 4/7] x86: detect PIC aliasing on ports other than 0x[2A][01] Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR2P281CA0106.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:9c::18) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|VI1PR04MB7072:EE_ X-MS-Office365-Filtering-Correlation-Id: 4caf44d5-2e29-4e0e-fb79-08db52183275 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: s8jy3byeHlo2Xcd4ocY4hZvB2ZmHVmCdT43DG/AWaSdOYNOkpPj5cAWdlDE7c3AZdSzWBGwGers9sxh7NKOXiTiXSM8SeneGw8ik7DdTVOC8fUIXnghWqqPAfV3e6zPI7Site3o5PX/AvkWCPVTWOtGon8VgGmNPfrrLORn/HGl0r9wstinfa+RqrMC9nZzHY8240k2H0jKhHwghjNjHObi1zYUKwfxsdKBTUHCqhWUEyWknZ3XdcO8qIto2InEjSBpWYeUz18EwAQA310JpzU2TsMR1Xz7yi9JitTgQ6/orp8UsUYWm3uihbTxA2okRDlkb+z6bX/P14pifHDw+5fjWReKkf5tVE2ybiGMiY2Dx7HUpgUMolGeBQag3re/qY/hCPPu/OjYzUhkyoyJGs471LrtKVVjeuPQTG2PP2rlgAjwncB3Rr3dtw/psajLdPjkRrtLWhXn3RifBLsG6LW3AcUo71vZ39Th/ySb+Ds3r5ya9Pr732hLfINPH8Ljk0Fe2tvJOW+2CmlogyErQUvXz/kcUAgdqeeRSr/2A3n2vEqbBSF2Zugfca0mhD56xlgiWfDErgjFaWkD66g99bUl+0XGAvyE+96CDeWJwBFp2mSLOEgGTAGer1M7qr3Q5UrxQgzTMkzCY1DObU5dNQg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199021)(31686004)(36756003)(2906002)(41300700001)(86362001)(38100700002)(8676002)(31696002)(5660300002)(8936002)(4326008)(316002)(83380400001)(478600001)(66946007)(6506007)(6916009)(186003)(6486002)(66476007)(66556008)(26005)(54906003)(6512007)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VVZDWTk0eFBzM05nM28relRrS1lJSlBkM0ZWOERibi9FbnJ3T3lMT1hnYldC?= =?utf-8?B?dlZNNHZ5cEV4Q2RwRlhOOWxTVDkza2lFbUFjTTJ3V2JZYzR6c2J5Q3YwWTM2?= =?utf-8?B?Zk1pWjZ2SVV6N2VYSWxiM09KVUJ4WUpaaXVMb1dKeSsvTm5wTGxFMUpTREs2?= =?utf-8?B?SW9Tc1ZJOG9pcGd0V3NBYmxOdWFBRmZCSnpOYjhXQVJodHoxVTJnRkRGVTN4?= =?utf-8?B?NmNBdGZLVDMrSThGZnAvRGJkU3Bkd2RiYjBKc3VLeVB5SDRxVE84aUIzSXFw?= =?utf-8?B?QWtGQXVMV2xURVdJRVlBRzVPZk1xTW41R1BZRFZHY1ppZGtTbVBCa0Y5MHpT?= =?utf-8?B?Q0F4SExXOXNhL0plL0JxYkh3WHE0bTBKZTE2ZHR1ay82bG9RQWdreGwzdmE0?= =?utf-8?B?Q0pPaGhNZkhFeVpYcnZzZndSUUZHZ0o0Rnd6Q1NzamJWN2hrcDZ5Vjh2ZmQv?= =?utf-8?B?ZitsanNCZjhLZHBJWEVjaWtTZnJxTkFGUGw2QVlEQTZQbDUwamRucExxK0dy?= =?utf-8?B?SUxPajJYQ21DQ2hERER0OUh2VXQ5S3YvQzZjU2hsNldoTHg4Q0wxdDB3RXFG?= =?utf-8?B?MWdpUk5FUmxITVZNdFJRY3NkUTRMREpmR3lDRVN3ZHhzekZDdFhLV1FIMVZh?= =?utf-8?B?SUVyTWc0bnMycWhtQzhHSTZqSzIrRDU4NEtRb0NtU29FcStXN0JrR05HRXEy?= =?utf-8?B?YTJ4cnpLamxZekYxLzloOFA2Ky9GcmZPQm9Wb3hVOGFSb0RRQXRYL1J6WWln?= =?utf-8?B?b0xyanhRdUxmY0VKbEh6SDhBazBlRGpqVFdVM2YyQThyQU5ocnI4TW5wSWR1?= =?utf-8?B?cGxaKytZdENVYlh0ZlpqeEd5YXpRbmsxSzdGYnBJaTQzWmx3TXBtSTJpWUli?= =?utf-8?B?K2dVUWtaeEM0V1JzMTFxbmowSUE5ZmZUNW9pRnU0TzFSSlhDYnVDUEtRRUdV?= =?utf-8?B?TFIwZzN3UDVLYWU3cGJ6Q1REWExZKzJsUjV0Z0VFRFhqeHliLzVHZDVFM3NH?= =?utf-8?B?UFY3eDVOYXVpRWJYcUk5KzZ5bDF6dlYydExrRzRqM25OTGhzTWtBakVlUElZ?= =?utf-8?B?ZXVuU0tmejdlOWRYRGwzcURjK3Z1dFlJK0t2aG5SeFBsOU03YUV6MTEwbmZ3?= =?utf-8?B?Q3FiTkFPMXlZSkl5cW1sQVREWkVxWEhKNXhEWWlHMERuaG1qS1M4VTlpeDJj?= =?utf-8?B?Tno4NTQxSGFxTjNzdGIya2kxMEdtS1RtclhuRUdyeWVGc1k5Y0VVTk5YWDdl?= =?utf-8?B?VTdBSE84SDN4M1hJc0dJRkJUWDFTSXlnU0ZaZEpJK0Q0bHlxMWFZUFlSNjI4?= =?utf-8?B?L25QTHNVcStaVmlLVFc2N1NXbWZ4ZVlkREVGYUE4dnN6a2NhODY3MHhTelUv?= =?utf-8?B?eEJCcjJjZksxZldLNkVXc00xbXkrRHhTZ2Raa1hxQ0ExNTBzaXR3cHNhZ0pW?= =?utf-8?B?VzNNVU1MTXludUEzeW9nRmFzUEpNTk5vWEdUcFprMWV5SnRIUVBYeHI5cWpv?= =?utf-8?B?NTBpRFdJSGV0aUNSUDY0Mk1GRFR2YjB6VmVQYkVQWXZpdFFYblB2QVEyY25m?= =?utf-8?B?NVVJMmFoK0hkQVhvZk9JOUJ0a2NaekxINHVOc2FJZkZsRW1uV2dZcUVRVUEy?= =?utf-8?B?ay95VG42eVhWREVOUVNHOUVyS3ZtSjZZVWRLYngwTDBYVGtZbzJPYWsyOFRw?= =?utf-8?B?eG1wWExjNzJaWWpFQmg0c29ueWF2czRWSTZuU1dOcmF2SXQrQVIrMi9BY2FW?= =?utf-8?B?M1NXOEttRDM0ZHZNZFhUSHhCSTdMQmxid0J6TmdNNFpTY3piTWdYTCtET1BL?= =?utf-8?B?S2NWZzhseDFmdXVvY1hwcE5Gek1YclhPbTNzTFQyamN1bmpmUWhNTFlLV0Vt?= =?utf-8?B?a1M3b09pZ1U3WHVwRHJ5MDdROUlCN1JaV1gyUDg4eVduMGtiM0QvVTJSU2Rx?= =?utf-8?B?bm4wODBxaWtzT0JINlhoM1VuN1Y3TnV0bHBCQnlvZHRSZGN1Qnk4TnFab0RX?= =?utf-8?B?WEpnZFVQYTFxNUFxM0JmVWc3TVIvYksrS1Z5YlF0YWNhcjB6R09WelJFWW1Q?= =?utf-8?B?cHB5akNuc0VVdTc0bDVRa0ZOVFA1eWtMeThydTBmWWNBU1NoWUJZbWVZRVRz?= =?utf-8?Q?Ygf5yU/403EeUFysAnRJYkmg0?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4caf44d5-2e29-4e0e-fb79-08db52183275 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:06:48.3894 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: W+MUsw/B+bw9jgOXSYSjSUMmhUl/nuWAbauq2C/lHVjDCX5r89UnHLeOBD0lKdxjZzZgk3Fbo0r/9GX7gBf3tg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806853579100001 Content-Type: text/plain; charset="utf-8" ... in order to also deny Dom0 access through the alias ports. Without this it is only giving the impression of denying access to both PICs. Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal operation later on. Like for CMOS/RTC a fundamental assumption of the probing is that reads from the probed alias port won't have side effects in case it does not alias the respective PIC's one. Signed-off-by: Jan Beulich --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -479,7 +479,7 @@ static void __init process_dom0_ioports_ int __init dom0_setup_permissions(struct domain *d) { unsigned long mfn; - unsigned int i; + unsigned int i, offs; int rc; =20 if ( pv_shim ) @@ -492,10 +492,17 @@ int __init dom0_setup_permissions(struct =20 /* Modify I/O port access permissions. */ =20 - /* Master Interrupt Controller (PIC). */ - rc |=3D ioports_deny_access(d, 0x20, 0x21); - /* Slave Interrupt Controller (PIC). */ - rc |=3D ioports_deny_access(d, 0xA0, 0xA1); + for ( offs =3D 0, i =3D pic_alias_mask & -pic_alias_mask ?: 2; + offs <=3D pic_alias_mask; offs +=3D i ) + { + if ( offs & ~pic_alias_mask ) + continue; + /* Master Interrupt Controller (PIC). */ + rc |=3D ioports_deny_access(d, 0x20 + offs, 0x21 + offs); + /* Slave Interrupt Controller (PIC). */ + rc |=3D ioports_deny_access(d, 0xA0 + offs, 0xA1 + offs); + } + /* Interval Timer (PIT). */ rc |=3D ioports_deny_access(d, 0x40, 0x43); /* PIT Channel 2 / PC Speaker Control. */ --- a/xen/arch/x86/i8259.c +++ b/xen/arch/x86/i8259.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include =20 @@ -332,6 +333,55 @@ void __init make_8259A_irq(unsigned int irq_to_desc(irq)->handler =3D &i8259A_irq_type; } =20 +unsigned int __initdata pic_alias_mask; + +static void __init probe_pic_alias(void) +{ + unsigned int mask =3D 0x1e; + uint8_t val =3D 0; + + /* + * The only properly r/w register is OCW1. While keeping the master + * fully masked (thus also masking anything coming through the slave), + * write all possible 256 values to the slave's base port, and check + * whether the same value can then be read back through any of the + * possible alias ports. Probing just the slave of course builds on t= he + * assumption that aliasing is identical for master and slave. + */ + + outb(0xff, 0x21); /* Fully mask master. */ + + do { + unsigned int offs; + + outb(val, 0xa1); + + /* Try to make sure we're actually having a PIC here. */ + if ( inb(0xa1) !=3D val ) + { + mask =3D 0; + break; + } + + for ( offs =3D mask & -mask; offs <=3D mask; offs <<=3D 1 ) + { + if ( !(mask & offs) ) + continue; + if ( inb(0xa1 + offs) !=3D val ) + mask &=3D ~offs; + } + } while ( mask && (val +=3D 0x0d) ); /* Arbitrary uneven number. */ + + outb(cached_A1, 0xa1); /* Restore slave IRQ mask. */ + outb(cached_21, 0x21); /* Restore master IRQ mask. */ + + if ( mask ) + { + dprintk(XENLOG_INFO, "PIC aliasing mask: %02x\n", mask); + pic_alias_mask =3D mask; + } +} + static struct irqaction __read_mostly cascade =3D { no_action, "cascade", = NULL}; =20 void __init init_IRQ(void) @@ -342,6 +392,8 @@ void __init init_IRQ(void) =20 init_8259A(0); =20 + probe_pic_alias(); + for (irq =3D 0; platform_legacy_irq(irq); irq++) { struct irq_desc *desc =3D irq_to_desc(irq); =20 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -52,6 +52,8 @@ extern uint8_t kbd_shift_flags; extern unsigned long highmem_start; #endif =20 +extern unsigned int pic_alias_mask; + extern int8_t opt_smt; =20 #ifdef CONFIG_SHADOW_PAGING From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806878; cv=pass; d=zohomail.com; s=zohoarc; b=Mqfr41aB7Dj17jPhR9GYds49OVDZLs8ID9ipnxBsSHXQnma3W9G9FT6AIv7Bd7brNsVEPlQHZCRVimKeNwWKO4N+PkvF6FmA/zw2s5Yg9O9yt/DLvW8FDFNIgDOoBuxCwEoVOKyN6vFjhv90zCxCIuL49Joj/p1I/Cz2NcIDoPg= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806878; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=m8K8rfTh8nTzrnw7JpPtZZMmTWFZSgvhcqiMn1zjH5Y=; b=QhPeXwWhF/2Zc/gPWSO5o2UPbI3inWdtQ71lg/pr+ihddSVl77lZMl45YdRGBitcaKZTvqyJbR+4jmo7a1T2Ji8gW99IlWWa1BKsgs9NgOxjRWtt/+HU60++4/9IRkdeGz2fxeSR9I0sYElJIS4B62mnIVqlb++Ii5b3jsXoIR8= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1683806878164225.07852438434213; Thu, 11 May 2023 05:07:58 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533330.829901 (Exim 4.92) (envelope-from ) id 1px54o-0001h9-W9; Thu, 11 May 2023 12:07:18 +0000 Received: by outflank-mailman (output) from mailman id 533330.829901; Thu, 11 May 2023 12:07:18 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px54o-0001h2-Sy; Thu, 11 May 2023 12:07:18 +0000 Received: by outflank-mailman (input) for mailman id 533330; Thu, 11 May 2023 12:07:18 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px54o-0000KI-3M for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:07:18 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0601.outbound.protection.outlook.com [2a01:111:f400:fe0c::601]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 5e8ca344-eff4-11ed-8611-37d641c3527e; Thu, 11 May 2023 14:07:16 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by VI1PR04MB7072.eurprd04.prod.outlook.com (2603:10a6:800:12c::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:07:14 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:07:14 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5e8ca344-eff4-11ed-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QLE6lLNvVHuSw/fdKAAzSm3vbMHlxyKjSYP1wn7xnBhFEAgjwWTW63L1poNNwN1UqW4DwHMwPbZhQq3+wz4BalLFpaS73N509zDQpmQr+WG6eeJZutserc20TH0r6XAjrUPqHY//t+DwqMXSS3UWj91LQqQYGLUNuQiGsVFCMoSzO/ywD9zyxg3S692T914FJNgbg8g6WuWhh5cQEunOdW1d/MvOLOIgDQN8QTBMyeJ7m94wHM9D2h4g+g+uqX/buceQMWdR3ohgVyA0GUPYzLGtRQq/G/HfvjcWoOuzByC77uYg+tsZOzfYkSEcYDD+fzJAMhEh3JuHqcu9m9bZHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=m8K8rfTh8nTzrnw7JpPtZZMmTWFZSgvhcqiMn1zjH5Y=; b=ZssgIDn4uYLKy92R3VrnrvWrVB4GnVJYeKzmqHKi7FO8BBW9bcq3wB7A0EXpzd2o77eN4y6PFhm2RdzAVWOIPpz6tI9Umlwf9musXSnswLoZncxgrZvfPS/akNjmunZ0vAdbLc6oL4oT5Jd32gZ99V18xLMygL38i8Tsu4ru7edz6CzK8A2RScgUP2xfjXrsIgrrXt0/rPcHVqYyrG1EsBIoJUYtQUy+M/zHbTpDmZdOj0uOM3cBjYHlu//iesPkY6pvV9RdgYcYiliG4x19rQ0aEUasl+ZTvMxh4mLpUPh5gc5s/TtG30V9aundapwsOLf0R2oWcyqnfxROifTngw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m8K8rfTh8nTzrnw7JpPtZZMmTWFZSgvhcqiMn1zjH5Y=; b=JhCfwXzO0baWy9CqDtDbNLF9ZaTgt4sYVeyB4ea1qSpYiZqRYrogTS10Q1ryKf/ViF45BPCHQifQn9gX6vd422yOn2pwGg4vgTK+58Zal310WAE2KRtzO5pSNZXiTxn8ZW+rLAaoIdPUSAxJ5WK01+vfYU23U20Xn8BBrH5vygdPCw6kKglPGY9r1txhbsKpJKpPgfj4MJe4rlb3QL3xFHaLddUG3rs5mlUsWHeipf/hf5XVYBfbMQku83fb2cW/dvHe8dyDzjdvrDNDkJNOfpIopAu02s2gtvtD1WOaTv+gwLo9GY46NkRBT6pGJ658hNP++TkQu1A3LsWa3PB/9A== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <042f76dd-d189-c40a-baec-68ded32aa797@suse.com> Date: Thu, 11 May 2023 14:07:12 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 5/7] x86: detect PIT aliasing on ports other than 0x4[0-3] Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR0P281CA0221.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:ac::17) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|VI1PR04MB7072:EE_ X-MS-Office365-Filtering-Correlation-Id: 88a83702-e00d-411a-3ce5-08db5218420f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Piw6xsXWIlRnmjXfRN6ILvU41a/F2MUffr1rvlRQAgppIDeqYvesIV98II/UysaHxr/WmArp9kARj2198WkAr+2PhkRUlisFg+6qYr+EUHDS3EZRsB8CQRrTaiTUMe/xje18lRQllTIV0FneYeglDwdDijoipoYbsgy5+s5CkR+ARor9ReIesOOfluOK9L7naOHnYo2XreX+Dq2ENkIMlmXJrQG1OcOj6tH1tIqFaCyEGWbqcMn5nJh8KYKWJoJ4ZSXUrKHlLYeS3gzEwzRjVHWXr9M+ruD6/KrnGkaJ42Hkk6WDrOtxEqlR4iKF1fAOnrN0ADOe6ybJY8HALQmU1S4YOGdsMCZy/XB+17LIGD21clyYrIvLaoZplZrmK4l5wkx3KgF2hX7BeKQuBEFMRRh/g3/A1QHc9V9wgaPmZQl0Y0UF7Fw3rxwhgQnMFIXiJ4J6Zla1V9wG+HhFMlBh0pssqOtbLZa+fvz79qHKj4EOy/L82S8SRFHIi4tyPOwYyde8HWS2g/5Fb68y8u9psa63Zpfq+vov06zkWVNrbhZp3QTyRF57LCkGPVZDnoqxwc1BIxkz3Sz3Ea7E2WHxELr5g5qDcDLtFQ5QnWjkK2RXw0CFbIoQvzhuA7+YTsZqGlbJv5Dut8FmrbKZQwO28Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(376002)(366004)(39860400002)(136003)(396003)(346002)(451199021)(31686004)(36756003)(2906002)(41300700001)(86362001)(38100700002)(8676002)(31696002)(5660300002)(8936002)(4326008)(316002)(83380400001)(478600001)(66946007)(6506007)(6916009)(186003)(6486002)(66476007)(66556008)(26005)(54906003)(6512007)(2616005)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZXFETDJWbjlyY01PYm51SHpQTFhmNWI4c05aZUZ0VnNKNmthb3RLYktlVUFN?= =?utf-8?B?TXRRWGk2NXlWdmp5MmVKWEhCSjBCbXVBVkkxVTBTV0hUQXNuU3Jva1Z0UkZ4?= =?utf-8?B?Tlk3Qzk5ZkFXQkxEMzVPZ1liMkFxR2JuYlpuMXM2aVJ6cGhtWEF2a01Jek1R?= =?utf-8?B?VytBODlybWg5bUFZSUZCS0l0cXl0WVpTVTNVTGdRSWZROEx6azhERTB5T0FT?= =?utf-8?B?QWNKNzUrSE9rSHYvM0s1Qy9NS0hJS1F2dVdMYU1yejBBSEowaW1WSXlaakRV?= =?utf-8?B?T2w3TmZNRGc4TzI2bUxpWkdqWEtKa2tzc3NYaEkxeDQ1WXNUKzlFLzh0azVU?= =?utf-8?B?L3VyNDRZMWJBdUJmTnhMaU5jaTgyVmZpWVlRazJxNGl3K0RjU29XdDBjSEM2?= =?utf-8?B?bzdqd2lsTFliZkUrZU5pRk8xbkdjYkdwM2NSUXdlWmhOQit1cjZwa25iM2pP?= =?utf-8?B?NitCOXZobmJDdi96TlB1UUZqQlVwMTh4MVd5TnJmUnNXZHNlbUxIOGRGTFNU?= =?utf-8?B?RTRpV29JNEZQV0xQcTVqNDA3WFBpcGdrMmFTcUxwbTVySTZ3N2NpbVo0ZXNy?= =?utf-8?B?V3A0QmRTQXRkd3lFN1MyMWI2d2dUb3hOR29KTERxQ1NjTUl2S2h2SmVac3dq?= =?utf-8?B?VmVPVS9mdmVzb0hRUDJFanM4dUZoQ0hCK0R0WVVmSWdyOW5kTERRWENrSlpJ?= =?utf-8?B?cWtIRGJKWjZTRWxhVHh3cmxycktqZzNNOEhKTjJEMXVhT1grWjNnMWpJd0Zs?= =?utf-8?B?Zkpob1dRNlErSldMVk9BcUp2VVFlaG9IaGtZNmxCOUdyOVV0czZTMXRRdlZV?= =?utf-8?B?RVZWczBXNis1M2NpeGxETjFjZGRJdmgwQjRUN3ZDQlp5WW9WQTUzNURLMHJn?= =?utf-8?B?MWxEQkZ0cEllRTRHK0xVYVRVTEF6UkFvem5GSjNKbWZHU0ExSkQzOGd2bFAx?= =?utf-8?B?ZTNsV3VjZ1VQYytFS0hqV1ByQ2VITDlTeTRSd3JMUVpiZjUxcEdTL2dja0xh?= =?utf-8?B?YUpXR2xoU3JhY0htV2lNQ01INjVseFMvTXlNanZnVDVobUUwK3VKcEVjSGU4?= =?utf-8?B?UmhuTy9HR3hvRm1HRXE0UGFpZGdZbmY3R2NEaFFtenBncjVsVnFuWW02Vld6?= =?utf-8?B?My9UZTQvVGRhRG9TSCszejlEbXFsMmxDQXJueWxCb3NjZ0pEVHdBQkJlWity?= =?utf-8?B?cVZkNm9YQ3l2VHBYM0c4WjMralhlaktjazl2VThVZTRZeUZDZVZrQk1uOFph?= =?utf-8?B?a3FBT2trWmVFdmdja2JXZG9IMDBOM1R0K1FtUGUzdTJPLzJiZzRRd3gvR1Mr?= =?utf-8?B?eFBIbzBGRjd4UmE2cFhmUGZXWFduVkpTQ0N2ck04OE9nWXIrOURwM0lmd2tY?= =?utf-8?B?d0o5bkxENWIrRFRRNndIOGhEcVN6RWNmTzZmcEtIR253bXdRa3hOdE9idTJo?= =?utf-8?B?R1N3Q2FQeEtnQzg2Uzh2bVR6cWNHaUpZa3BIYUFaN2lPKzVxcTMxQ3dnNjhj?= =?utf-8?B?SUlYQUVZTXdGRDlYOWkrZkFYN0JaVloxRitKb3RobEZjeFdxUnJOYUxBOEF3?= =?utf-8?B?TFk0WUFQbkFSY3Ztd0lDcWtQZ2MrVXFEMW9hWjNkUHdYYkdqWE9NTGhVQjIw?= =?utf-8?B?QnMrYkpucGxCMGhPNHZ0OXJOYktvL2JSZmVYNmlBMGJiVzl6K2NYZmQ3V0cv?= =?utf-8?B?RWdpa2dGWjkrbWhRWDNPMW51dDJZUXZJcG9lUVBqYVc3REgvV0d2amNKcVA1?= =?utf-8?B?T0RqTVE1VkNpZ2xUNFEvUU02cTVwSXRodDJzb2NBQ3hqUE5rQ0E1ejNYTUht?= =?utf-8?B?bXlNVjlMTW5kek5iMi9RS010SWs3V2xUdUU3YzAwb3M2SGZ6YWN3OTYzdkpr?= =?utf-8?B?WG5UbWZENXQxcjVZVHRDOTRzcjVQNytGMW5RMFFpalM5UWlwNFVkTnhYTFBa?= =?utf-8?B?ZU5sd0ZiamtZQ1NyTDkxeG5tMlNhaHRuMVpCQmQrQXdJZHlJNUQ0VUp4YWJ3?= =?utf-8?B?b3FUSTNzMU1FOHZCanY1YTQ3dWpKd1NLTkcxaVBmUGxUTzVhQXRmcElSdlJU?= =?utf-8?B?QnAxOGZ1aGI1bTg4S1pZR1JXbEk4aExPam83L0RrcUN0MzhpRFpVRDVreGVG?= =?utf-8?Q?pzFGROsaQU26Z4WUpawlDJppk?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 88a83702-e00d-411a-3ce5-08db5218420f X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:07:14.5554 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +YOKnAJl09OcsZ+ZZzuKHL3FKqG08+tHX1y4K+dqtN+HaGc/c0hfJSjxbKqtebzTKJUiW/8vvY+KZkFpDBpCRg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB7072 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806879434100001 Content-Type: text/plain; charset="utf-8" ... in order to also deny Dom0 access through the alias ports. Without this it is only giving the impression of denying access to PIT. Unlike for CMOS/RTC, do detection pretty early, to avoid disturbing normal operation later on (even if typically we won't use much of the PIT). Like for CMOS/RTC a fundamental assumption of the probing is that reads from the probed alias port won't have side effects (beyond such that PIT reads have anyway) in case it does not alias the PIT's. At to the port 0x61 accesses: Unlike other accesses we do, this masks off the top four bits (in addition to the bottom two ones), following Intel chipset documentation saying that these (read-only) bits should only be written with zero. Signed-off-by: Jan Beulich --- If Xen was running on top of another instance of itself (in HVM mode, not PVH, i.e. not as a shim), I'm afraid our vPIT logic would not allow the "Try to further make sure ..." check to pass in the Xen running on top: We don't respect the gate bit being clear when handling counter reads. (There are more unhandled [and unmentioned as being so] aspects of PIT behavior though, yet it's unclear in how far addressing at least some of them would be useful.) --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -504,7 +504,11 @@ int __init dom0_setup_permissions(struct } =20 /* Interval Timer (PIT). */ - rc |=3D ioports_deny_access(d, 0x40, 0x43); + for ( offs =3D 0, i =3D pit_alias_mask & -pit_alias_mask ?: 4; + offs <=3D pit_alias_mask; offs +=3D i ) + if ( !(offs & ~pit_alias_mask) ) + rc |=3D ioports_deny_access(d, 0x40 + offs, 0x43 + offs); + /* PIT Channel 2 / PC Speaker Control. */ rc |=3D ioports_deny_access(d, 0x61, 0x61); =20 --- a/xen/arch/x86/include/asm/setup.h +++ b/xen/arch/x86/include/asm/setup.h @@ -53,6 +53,7 @@ extern unsigned long highmem_start; #endif =20 extern unsigned int pic_alias_mask; +extern unsigned int pit_alias_mask; =20 extern int8_t opt_smt; =20 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c @@ -425,6 +425,69 @@ static struct platform_timesource __init .resume =3D resume_pit, }; =20 +unsigned int __initdata pit_alias_mask; + +static void __init probe_pit_alias(void) +{ + unsigned int mask =3D 0x1c; + uint8_t val =3D 0; + + /* + * Use channel 2 in mode 0 for probing. In this mode even a non-initi= al + * count is loaded independent of counting being / becoming enabled. = Thus + * we have a 16-bit value fully under our control, to write and then c= heck + * whether we can also read it back unaltered. + */ + + /* Turn off speaker output and disable channel 2 counting. */ + outb(inb(0x61) & 0x0c, 0x61); + + outb((2 << 6) | (3 << 4) | (0 << 1), PIT_MODE); /* Mode 0, LSB/MSB. */ + + do { + uint8_t val2; + unsigned int offs; + + outb(val, PIT_CH2); + outb(val ^ 0xff, PIT_CH2); + + /* Wait for the Null Count bit to clear. */ + do { + /* Latch status. */ + outb((3 << 6) | (1 << 5) | (1 << 3), PIT_MODE); + + /* Try to make sure we're actually having a PIT here. */ + val2 =3D inb(PIT_CH2); + if ( (val2 & ~(3 << 6)) !=3D ((3 << 4) | (0 << 1)) ) + return; + } while ( val2 & (1 << 6) ); + + /* + * Try to further make sure we're actually having a PIT here. + * + * NB: Deliberately |, not ||, as we always want both reads. + */ + val2 =3D inb(PIT_CH2); + if ( (val2 ^ val) | (inb(PIT_CH2) ^ val ^ 0xff) ) + return; + + for ( offs =3D mask & -mask; offs <=3D mask; offs <<=3D 1 ) + { + if ( !(mask & offs) ) + continue; + val2 =3D inb(PIT_CH2 + offs); + if ( (val2 ^ val) | (inb(PIT_CH2 + offs) ^ val ^ 0xff) ) + mask &=3D ~offs; + } + } while ( mask && (val +=3D 0x0b) ); /* Arbitrary uneven number. */ + + if ( mask ) + { + dprintk(XENLOG_INFO, "PIT aliasing mask: %02x\n", mask); + pit_alias_mask =3D mask; + } +} + /************************************************************ * PLATFORM TIMER 2: HIGH PRECISION EVENT TIMER (HPET) */ @@ -2390,6 +2453,8 @@ void __init early_time_init(void) } =20 preinit_pit(); + probe_pit_alias(); + tmp =3D init_platform_timer(); plt_tsc.frequency =3D tmp; From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683807501; cv=pass; d=zohomail.com; s=zohoarc; b=YlXiBuH8N5dkcFM1iBq6EF5UIrIP9epa1WyKp0bxgpgS0kgjojXqqvppL/3NHGQDgpDQI6KuvLmKsm4Fd0AA6oi3f6mAKpvpQz/VUTuhFKGnyB9kDeGXjDxBYmmQ3xUh/p3aqG+H9tmNMeLl9fAcz+lCPKgK8KozvPK9yEkoSPY= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683807501; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=pPOmgpiaeBQetnN9zjEskScvUsHZmKmMjuVbnrq/H8U=; b=UBaxMyCIgU9cy1m3bkTE9gclSxs2wE1Sc2a9q81z5MvTRPHQLB+lcddcCRVjoJrJUZjdjIhsb5MrE1pAqQpmUqwKr+yyGudA9vK0yV9ie9P0bYun7zp1n1MbxmbVbRoLYmXkFZ1L7u5a/l+ssU5GZthVyvYrXgY/PwoYwJ93Gxo= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1683807501387292.91624061869334; Thu, 11 May 2023 05:18:21 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533357.829941 (Exim 4.92) (envelope-from ) id 1px5Eu-0005g7-N9; Thu, 11 May 2023 12:17:44 +0000 Received: by outflank-mailman (output) from mailman id 533357.829941; Thu, 11 May 2023 12:17:44 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px5Eu-0005g0-K9; Thu, 11 May 2023 12:17:44 +0000 Received: by outflank-mailman (input) for mailman id 533357; Thu, 11 May 2023 12:17:44 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px55F-0000KI-UC for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:07:45 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on20618.outbound.protection.outlook.com [2a01:111:f400:7e1a::618]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 6f73ea1a-eff4-11ed-8611-37d641c3527e; Thu, 11 May 2023 14:07:44 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by DB9PR04MB9500.eurprd04.prod.outlook.com (2603:10a6:10:361::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:07:42 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:07:42 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 6f73ea1a-eff4-11ed-8611-37d641c3527e ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GR2fCOrjH1EjhHyTGA87LAASim8ULatA4LHxlljV0dX7ipIPWvC0YsdEMKBNg5Gs09bk8qTdkl4jEHESRStGVNV/ZeYu8sDYv9rA+inKmq3TKuZp9ix8B13kf5GZldES8JwQLbTYzv+TWo25ujvss4Eeufaoxc64CaQbBn9QSDikw989VACNOgAVGHcmowEhmohpjf7okHGAWd1n9a90oiuo0W1Ru5iGEVs7JzbGoe6jr3LMmFYXBq9d9RulKnEI5xR/zRaxLmOWviNLVWKR2WvWW3nFwFdAjS4tjMejnnGebG/4keI6r0tBaNjz8lF4WqKqNtOmOPw2NE6agv6h0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pPOmgpiaeBQetnN9zjEskScvUsHZmKmMjuVbnrq/H8U=; b=QNebT1VILMiZ1upECjHAstVW82bZNRgwiq/2YYYVu2apIz+AFXUc8yktsJVr9hHicne3Ruw90IEngXuQWnCzW+NFrXBVMo5qrRllmi+XSI2sded2C+HhjN3S7RkpKdUSt79/SA/EmBmISSnYUN7GXEb10SmYca01VlPMNRBNYvgQ0gNuyS30csDKtfhmuWHdeJ/XdvZn09p3BwX4r/liNlmKRwSr0MwqFv8vT8W67Sjt4QZP575ay0fooqre/sJCnadDHLoDn2vZ7+0HQVDK74G0SUu0nLCloSELv5dBEDhHVe2a/2IexvXZol3Ij+eVs7nnZosNgC4nBSSMwib2GA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pPOmgpiaeBQetnN9zjEskScvUsHZmKmMjuVbnrq/H8U=; b=UdIaNCxwbR1y0MsusatviTv3mR1QPrCBJwkT5nbL2wV9bm2Ss6KeRB8iHN6UgkDDurbnlVRWWiIjcO7rQNs50ZCtMsH8MQbivQXxLyvFeyyiM1ztO+P8Z2ViaUgy1R+YxemLQp2bcvB9SKKuNkSpjWAkr3grJe4SzrbuHWC2Z70onIoDzqJ1B1RKDu64O2gqX9aSwHgTTO+Ghq83VfqCbjHXoUqI/UD6z/5iRQnarTBH+Z+pS9hcgwm9xqnnMdw+ADDdhkHZjZ1/0t1uICdndJZlXnxeN1deHUPBa8aypVd/vN5WS/rWnMo7a59pF/ucUUVIQqI8kt/8MLtZFmhR/Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: Date: Thu, 11 May 2023 14:07:40 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 6/7] x86: don't allow Dom0 (direct) access to port F0 Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR0P281CA0098.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a9::8) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|DB9PR04MB9500:EE_ X-MS-Office365-Filtering-Correlation-Id: f0637195-1229-4813-a85f-08db521852ba X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: XaGnyRGTb3nJ82fu7+Dakev2PXrSotYjm45SpBmvv9ZA8AAdE7C/UQIVfhwr3nL3wBXVFd1qn9KGC1o9S4mkhokkxK8DTH43x23kaqhHEz80Khxx0h32oTSJTbQIl5KHeWj3vArIji3gYMWAXUa9Ls3+nQkYmaihH1eRFn03Lx7IzPXiUExXjpHmoNZjn68CZ8rOqnZYtD84tjpWwsLHe261XuetNGuc663qLeSvLvgR4jHHYMbd4yU/TX5LCWNGiCq19Ff7GwMisJZQH8n63v426zCsxlWdEJ1lRPTyCFzHOnsIvTFrffrHMhroQ5fgCiLN/L/mHs3j/e7vhibGniuErlsH+9f/xEb9o7cehh5lnhPAFW1MtJ1/31srLdVAPIrbVCTRbAf0XDK7j6Gn9Rv64RqJqGg5/SxyVjtXeJd3rH83XqMt0IXfyOx0cWAFyg86+vauefqf+ycmebf2jI4QqndvZS0bnKNXW9ZqKQT2y2UH1czwyh5BHwFyTx0EKkkuImcY0rJzSphDv+W4Ep93P1nA4VsRJgnLD2HGfQZYlWVMflh4kMKuzLlJYT19AmMPJwTsKHuYeu1qeGdC+Q61ObYUzI5HQxU53Na81+igXSD+J3f71MLpkdbCkgCQ4+Yhf8RTzjLwuA/7eKVzZQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(366004)(396003)(346002)(136003)(39860400002)(376002)(451199021)(31686004)(6486002)(86362001)(41300700001)(2906002)(31696002)(36756003)(38100700002)(8936002)(8676002)(5660300002)(83380400001)(478600001)(4744005)(66946007)(4326008)(6916009)(26005)(316002)(2616005)(66476007)(6506007)(54906003)(6512007)(186003)(66556008)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?VGFEM0dmV3RMZytuWVRXMWh2d21NVlVCUFNacVkyY1BhTEp3RTcvSTJCVEgr?= =?utf-8?B?RjFFaVlaY2E1ZGtKZWZyOWMvS2RnZURWRElHakV5Uk9lVjc1bk5XVklpaFNC?= =?utf-8?B?YmRUSW5XV2VveHMwKzBoZG1NMGRVcFRMZlY1UVJYelB0TmdHN1ZoK0NTUmRF?= =?utf-8?B?RGRaekFQMlFyTHpJV08rTTY1cTlwcWFtbGgvcDErNzJBeVVKb3U3bGtZV1R4?= =?utf-8?B?Nm9CS1ZqNWxpb2lRWWkyRThBZThQWXFBNDVzWTQ2d1hJaXRRTXFIKzdVcHNS?= =?utf-8?B?eFdyZ3VoUC94bU1kaitxL2w2bEVqQy9helhGVnlTcEFaQUJUa3R3cXlZTDhR?= =?utf-8?B?d2lxaUkwOUxhSGZQZm1zczVhcWdOMWpDTjBlME5GcksxZ3BwZkdWWlNEMHZj?= =?utf-8?B?OFgzR1dFZi9sRk0waGZnc2NEWmlZSCtFVzZUVVlycnVzUE12UGlCTVliSzQx?= =?utf-8?B?dGhuWGwrdXlVeVEzRGpjb0VDS0VQbTZ1d1c2MnVnMXFCend4cGR6SW84bE54?= =?utf-8?B?eEU3YzlhdnZaNlFwN05xREVQaEJYSnZ1T0Nuc2NSdnhZVHNYdmRuTnZwRnpF?= =?utf-8?B?RDEvY0s1TUFSZkVudVVuMDdhT09VcjB0Tm9oSlY5RTZTMlZBTmxCQ3JzdVRK?= =?utf-8?B?ZW41T011S0d2c2c0VDQzWlRiSVFGUURZcXlWeWVVbkVLTHVsS213S2lvM1VG?= =?utf-8?B?WS9WbmNHNGNmdThCcGdBZTBJVkE2ZEVqUVFvcGs3SVk3QTB4Wit6S2hUenlR?= =?utf-8?B?eTRWN0pZSGE5ZHJBbE41N3RtMWF0NEtnbDRWVzZaVnhqOHpBVFhVZFdRa2lN?= =?utf-8?B?TGp3dWRZZ2l6OHArN3daSFhYbmdsKzRHcXA2RXhPaEZwUkJXRmozSG9rNU1x?= =?utf-8?B?SFRaZzZRY2d2V2lKNTFuenBaNXNmV2M5L0JWOHR4N2gxSS9zTWpVTWlCR1JN?= =?utf-8?B?eWpPZjF6ZEtucEZndCtQVC9ka3dlcHZoTnRxbllRR0tPeWRyWE1WSDhBN0FY?= =?utf-8?B?N095UXJmSjZsNjhoR2xqdGM4aUZXSjdrV0VwS1UzR0dTa3d1WlRDN2krQzda?= =?utf-8?B?U1NEMjZvNTZxRWVCQkNNZVNvdTdNdkFGYVFSWHhlUVo3OFdHQXVaZGRXVmh6?= =?utf-8?B?QjVQeWlOd3VZVUd0WDRTQjVOczVIaXV2TVlJMXRYZkZLYlJ4bkJDdkxnbm5H?= =?utf-8?B?RE5SZXRsY3R5TW1oNHQ2d3hWcDE0b1M3LzYxQzczc0JyRlU2MHVFN044QkNi?= =?utf-8?B?ZmF4SWhBQzVKdkFrbWdwQ2VyMHNNSmw2SHZ2bXBZVmZuanFjdmkwTndteXZS?= =?utf-8?B?Qnk1ajBRcGVwVGFNY1ZUeVRRcEFqQjl6bENMd3dqNVJKaW15QzgvZDgvaEk1?= =?utf-8?B?Mjk2amkvc3paU3J4NmtnVzZTazJoazZWNllXTEswY1MrVUJ6Z2hLdCtRRlNZ?= =?utf-8?B?SWt3RXhmVEpPbVBkL0U5dnZCbWFBMFp3eFBvTU1wS3gzbGtoaDlzZWpvS0hh?= =?utf-8?B?dFFoRFZPdFcvU05ITkdxN0hNdm1ZRTNtdG1yc21NREJQellCTFo3eFJnMmRt?= =?utf-8?B?WXltUWxvbUYxK2JqQTR0QzlReDhKN3c2cG5tN3d4czhpMm5wNU1OUnJ6SHM1?= =?utf-8?B?QWdFZ0F5ZkpOdDIySzAzRUxYcWo5cjFCa0ppakJpNWNDd21WVXMrSmpUcW9V?= =?utf-8?B?bVh6THdqZjEyQ3FMa1lTTXhIOEZhbW1ybUUzenlyK20vNXBGdkRGanZSNmE2?= =?utf-8?B?OU1ieWxXajNNTy9kdkxmdTU5VERJdFQ4R05NTlkzb3pSeGUxNFF2OWRlOFZh?= =?utf-8?B?Wko1ODBYelFwTTdmUFJvVG9kaHNsc0hqb0xwNmJEclJQVWlmdmV2ZnFiMGpQ?= =?utf-8?B?OVNmbjY1TC9RN1JJeW44eHZoV3lGdDV6cjBTN3RqYWRadmVPQ3JQNHZsNWVI?= =?utf-8?B?bnc0cVYyaVRxTkt3b2JraGljZldVdGVKUjA3bWVKeFFMellEeWxCbldOdEFx?= =?utf-8?B?ZmZIRUs3enpVOHo4Z0g1Yi9Yb25ML3lHaXpSdDlGcG1SR2FWbXJEeFV2S2h0?= =?utf-8?B?UDNkeldxZU5Ia1ZUdnZuRmxOSVR3MU9Nam9FT1lnUk9zOUFHSzc4S2VVUlVa?= =?utf-8?Q?yB9W9917qaP8nHCsCvwE8DBN5?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: f0637195-1229-4813-a85f-08db521852ba X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:07:42.5224 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ELVHirba2NNhQzrQLiVTo2rxZzI9dVCgxyTCYbGPx1ZXzqKUmqVNUReGfFIc42TS8F7cycpcbfJSVqgg+0gPhA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR04MB9500 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683807503446100001 Content-Type: text/plain; charset="utf-8" This controls the driving of IGNNE# (if such emulation is enabled in hardware), and hence would need proper handling in the hypervisor to be safe to use by Dom0 (and fully emulating for PVH/HVM DomU-s). Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- RFC: Really this disabling of access would want to be conditional upon the functionality actually being enabled. For AMD this looks to be uniformly HWCR[8], but for Intel this is chipset-specific. Port F1 (and perhaps also further ones up to FF) ought to be applicable to external coprocessors only, and hence are left alone here. --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -515,6 +515,9 @@ int __init dom0_setup_permissions(struct /* INIT# and alternative A20M# control. */ rc |=3D ioports_deny_access(d, 0x92, 0x92); =20 + /* IGNNE# control. */ + rc |=3D ioports_deny_access(d, 0xF0, 0xF0); + /* ACPI PM Timer. */ if ( pmtmr_ioport ) rc |=3D ioports_deny_access(d, pmtmr_ioport, pmtmr_ioport + 3); From nobody Fri May 17 06:43:16 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=2; a=rsa-sha256; t=1683806926; cv=pass; d=zohomail.com; s=zohoarc; b=G+fp0qoTMe3N9/AjQEocihV92nRw/s7gwttJqBGPX5RJMQNcKLxBHDLg3ZKDPCvDhBri71epXqQVD354II39iuLQvUzKt5KMZjsAXC1C+WmumCQHms4gPyRObwdPZ43+qCMi2jBsh58T5UwWrCvcD4mcJtHShhTcjfV8ep9NEdY= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683806926; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=G+zqZGPqfnT5MVrIi37WQFaIf6fuLMsYpLckidDxeS8=; b=YYSmq4vyyZpE5ynZMVG/TJonkGfaOcipD7Kp2JtE6OrZWl1Qp0hvkFzvFVfyIV72vgz7hzmUR1suXV67ImPcvDamqDQ+uYiLG3b90U1Yl+2LK3+2w/ebuP3NxN7kiRHNdEq3zihJAY/lo96MQ/gFVqnBOHzNu3AGoiouneoQ46I= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=suse.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 16838069264501006.7850096193878; Thu, 11 May 2023 05:08:46 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.533340.829911 (Exim 4.92) (envelope-from ) id 1px55j-0002ma-9S; Thu, 11 May 2023 12:08:15 +0000 Received: by outflank-mailman (output) from mailman id 533340.829911; Thu, 11 May 2023 12:08:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px55j-0002mT-5g; Thu, 11 May 2023 12:08:15 +0000 Received: by outflank-mailman (input) for mailman id 533340; Thu, 11 May 2023 12:08:13 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1px55h-0002N3-Df for xen-devel@lists.xenproject.org; Thu, 11 May 2023 12:08:13 +0000 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2060b.outbound.protection.outlook.com [2a01:111:f400:7e1a::60b]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 80769162-eff4-11ed-b229-6b7b168915f2; Thu, 11 May 2023 14:08:12 +0200 (CEST) Received: from VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) by DB9PR04MB9500.eurprd04.prod.outlook.com (2603:10a6:10:361::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Thu, 11 May 2023 12:08:11 +0000 Received: from VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c]) by VE1PR04MB6560.eurprd04.prod.outlook.com ([fe80::8e41:82b6:a27f:2e0c%4]) with mapi id 15.20.6363.033; Thu, 11 May 2023 12:08:11 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 80769162-eff4-11ed-b229-6b7b168915f2 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GRsdVBXLWggBdeJz9wDXs/c0bpNMEwVxqf8eD7b4kYCdKfyYjJWtNgah0v7RcR+bMpp0KdpJch5HhN2wEUtIxbfbdy1WoObqG2oCiPbCijkScVfqdjRrFUbtIcKYlNb0UeMulNIr7GGwP/omCd7VuhkSBbCqx0dWX3YdJStlIIJntzS/sp2GEtbXX0AUMaCcHqyhazEYU+BQ7rtBoKLjxwNyQV1iyoTzo/Jp4VUw/Lp1dNF/sVQNW4T4Trsa0EdA10DGCAFpF77VTwosQeNAKmGDuoU6K1mPkHlvWNeIQuU/SCr/YSuUwkZlg7vRtHQyKnqmwDayj4XPPbgXNnM96g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=G+zqZGPqfnT5MVrIi37WQFaIf6fuLMsYpLckidDxeS8=; b=j8PqPPaOhWr9n9lovQd0CVjd0QwrMmCRNxnOLj7+qF//i8k7Lj/923RH+TuGwzWNOHRcnHSDyAqr3N23gv1F9h5eoyE23VhESUvQMoCorGZv3HPzjI6O6dY558MvmJruEWC1v64IEyRcI3IQqa89EE7hikq0dwqAWKR6JW07yDktb3o3JIjMp7Dz0gcNhE0INtRJDwEdApiaxAuRfHxSuKJTLZs3E74THuK4qA3vE7UT1Q20t2fQmb/bk0D4I0goo+shSDkQSaItFwwLursLwDhxWvo7jEPGVjRByaJbZL6+Gv3t8hPDQlJHnICBcNXhirkf5nd3KHAQrnZXOubN8w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G+zqZGPqfnT5MVrIi37WQFaIf6fuLMsYpLckidDxeS8=; b=X/eaUmwPTaHbbav2G5Q7c8e2osiyFc8R2cVrI3PwdMf6VG8+RvbAwQOJiXjIxJgSgoVtkde8jRWO2Yj4aKTgjaIGvUDqBOAYT8NXxPCE8wPvt8xv0MtcS2ejxs3Dg0H0dRNeE+3UZOjEMLD3LuMlLIj5bskjDzcwB0z03Zy8kAaPfY0Amt/9pLs5SAsTEE3hNTNa76ivuhxeqbQykN6zFbJSzdk8OCQf2Lp3hhFGUnjiuwvrdPl7FWcpiiHjWw5gT/4cN4WSqBt2FJF0W7ilMQkusc2YEfgObqEtJTcm9vdZ8xlTQ/G8HbiSBmteYIK7RyoH3mHD9W5dixWgaNSqYg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Message-ID: <118fa3e5-e1ac-ab3e-8b86-1ec751513434@suse.com> Date: Thu, 11 May 2023 14:08:09 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.1 Subject: [PATCH 7/7] x86: don't allow Dom0 access to ELCR ports Content-Language: en-US From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= References: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> In-Reply-To: <95129c04-f37c-9e26-e65d-786a1db2f003@suse.com> Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: FR0P281CA0102.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:a9::18) To VE1PR04MB6560.eurprd04.prod.outlook.com (2603:10a6:803:122::25) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: VE1PR04MB6560:EE_|DB9PR04MB9500:EE_ X-MS-Office365-Filtering-Correlation-Id: 473e6907-3e34-46d4-d0cb-08db521863e6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cOZvflC5zg2EVPAOnJ36A7aTTo+8zh2mLLhgqvwgKH5bbUJZTTMJxxDyxukYqHUKmZ4mWfK3VWvu7697nS/3JUpz8dhgjH6eWXXWiQvQR/NCvq/z53tj42Bt3Crq6U1i84KSsM+og4RsN9hzAmddkZMLNHgbqk9YDAbGDOwuox3Uc0cuEPM7elksG32O0UrVzC0dimyC5OiZ83tVnn6Wc5C9O7r2U6m9nqU+WcNgphEVdUBORLig/oyKi1GkoocMsIZQdp+S0HhlwCdyp/KtT7vba8rXkdA7eR/Pts7vigsS5wo8CY+nZAJM4V6wWeP4ahjBIu4DFucmCj96Wsj4I9AqGrvRpjbxLF5A1TWLBnQ6eTlC/xnidjmtcn9WjUoCBfM+O+GuOcB7aETOyHpcjYjWSWgXZGB9BP4Ua9pR8RUIWncCV7Y8x0lGRQyTM0ZupuSX0LUc1aEb2HS83G4IhBp0EBOaRVTbkBiVk00WRIqXdFlMYLo/jc1Fuv73PjdgjDJvYEoTfv1VAHy6OVJ38xyxvjS0xY7V+0SjszYup0Pgl75+hBblsTiyRaMCoE66DIeRJtY4HGS9R9eM1qBwyvWwHd7xN658p8RBCt2AWavGpIqWcszBotGqAEF7pcqjUJt8kaStU58y7KCxgTRP1g== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VE1PR04MB6560.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(366004)(396003)(346002)(136003)(39860400002)(376002)(451199021)(31686004)(6486002)(86362001)(41300700001)(2906002)(31696002)(36756003)(38100700002)(8936002)(8676002)(5660300002)(83380400001)(478600001)(66946007)(4326008)(6916009)(26005)(316002)(2616005)(66476007)(6506007)(54906003)(6512007)(186003)(66556008)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?SUhTSlFYNFhvS2duZkZ3Qys2YndvMC9PekRabzFjTGpRQmZNbG1VM3VpRDRR?= =?utf-8?B?UFVyWnBXOTN5cm9Eeld0ZjJTT2cwSWNGd3JHS05PUlFOcDBFWHo1SjVER3Vp?= =?utf-8?B?UVJhMWFTZi9lNjRXY2J5RG5CUUZmSzZSc0EwRFpMR3pnVXFjb3lEczMrWUh6?= =?utf-8?B?WlhFYjIzZHM0V21lUXloclZ2YVdWUFpjTWZwYmE0VWdSYXdwUSt5RmFPWngx?= =?utf-8?B?Z3ozL2JIZFBkdnN3cWxLVGxVaWlVZDBvVndhcFpldVZjTjRiUnhPTHdRZm92?= =?utf-8?B?dkZMNFMvN0xoNEZNbFc2dWhMY25TWGtkUzhlblBuTVJQbEFUcGhkelJsT2FY?= =?utf-8?B?V3V1MUwzWVUrQ0FRREFCVUJreFdUcmdIdXYrTlFCc3B1cm1aWjY3SUpWYzVl?= =?utf-8?B?RVNRWkt1RE1UYVkzMW5kVlloN2Y5RStpckxuZk9QUkhCT1RHTFBUellYejRQ?= =?utf-8?B?M3BmOFVEZWY4VkxpOVVJUGVPd09UMzYzWTFPRi9kWHVRUVU4dUtBdmRVNmd1?= =?utf-8?B?dDBOOUVUVzFCbHJzMy9JZjdxRUJKUnRuRXlNY29sSXBPQk11bnZlU041VkQw?= =?utf-8?B?cmRFV09oMFRrNkhhblEwSHdsdEtDeWdVcGxzcld4S1ZBUVQ5eDRSZXdMSEFJ?= =?utf-8?B?a3pyWmJVaVE1SUR4UjQzVHN6YjY5endsTG9GTjlmWmdDVk9KVHlHQmlZYlQ4?= =?utf-8?B?REd6RnM3QWNOQlRiRm1YeDBnWGtvUFNUUTFQcDcxSnhGanJ2RVIxV2YvdXhX?= =?utf-8?B?RmtsQkdLVDRBK3pNNE9Lb2doRk9YQ0JGNjVObzlBRmJmcWkybDlmSVFEWmx4?= =?utf-8?B?SFJNUjRRSDcrQVVrbmFvWTBuOWZrTjA1bWVNb3BnOVB2MVZuZlVJNmppUnIz?= =?utf-8?B?VkdVd1hUdGpWSUhncmVXUTdRRWxTVjVJWmEzZ2N1bUdzY3hndllKdUo0WC9p?= =?utf-8?B?R2NIc01lOG42RXcvRkdHUmtOSCtqbUovWlNVeXdBRFQ2cVZsOXhkY1YrZDVG?= =?utf-8?B?YVBnUWEzeEQrU2RwTEhnT2lnSWxXTFYrWnJUZWZlaytHaEVHaWJ1OGhmTnBi?= =?utf-8?B?cFZ0MWQ5MHNEOHphZ2p0d2h2NW01N1JiblVZUE15dGpNL245Mys2L0psQ3NH?= =?utf-8?B?WmxWN2RCMG1zNm05WXlyMDZ4Yy90WnNwdlVIck45UjdkWHNPZFBIVG5SdW02?= =?utf-8?B?Q0RwZVhXQlRzaldDKzgvc1owZlVrOGVOaDhybkZxS3lWbTBVaG1YK282Q1Ix?= =?utf-8?B?TDU3dTIrSHMvWTlpZTFZa2JsSjlqczB5SUJLcGxjNDlVcHFqT05uR0pjL0tq?= =?utf-8?B?R0JrZG15UlVQRHpaa1Z4ZVJsazBhczNyTzA1d0JQVnNOaGVORkFZNjdETW9H?= =?utf-8?B?Sk5IbnJ1YlNZcXRaeUNtUjhmaW9zSmRMRzNjdnB5cSs5Q2ZscTBvQ0lqRlRz?= =?utf-8?B?MW51RkhrcjBRTHhmb2xETTVGYmhYYzB5TG5vcEJGdm5lM1l1YkxCeitxdGhp?= =?utf-8?B?bHEyQXFJRjl1TTkrSjd6WCtabGRLZUxwQkdlSG9FeFFxRHRtQUdvWGcrb0V1?= =?utf-8?B?R3FQeUx4Ukl2Tm9pV012L05DSmZ2NE1iellWSEkyR2pnd3I5VlBYS1V4K3gr?= =?utf-8?B?K0FQWVZvbU9RTTllT0JxZzVPU1p5aVQwYjloRFByZkt6SlptVk5ncjlqek8w?= =?utf-8?B?NVoxRVFRVjhISjZpaHZHMFE1M1JKbnV4NFp1aEVoay9DR3o5b09uUDVydExj?= =?utf-8?B?c3R6em1TbzRyNmdMa0pQdkFTa0lOeDdpNWNodmV2SjNBVVJSM0dISDRvblBn?= =?utf-8?B?azhNS1NZMnlTUWt0ZVFReFFPUXhCNUtPYW1aRXdKWTJOVnhSWnNJbm1aV1Nq?= =?utf-8?B?d0J5SzFrVHBhS2JzOEpWRFR4b2Iyc0lGMUFlMnhGekhjQTlGcjFWS0F2YzYr?= =?utf-8?B?dldDdU5jTXc1cURSME1QSFdTQkg5WEFodzlJY1B6U2FMZHZIbGdMODdQN0Z4?= =?utf-8?B?S2tNQ0dDSUlYMmYwUzVLNVloa3RuOEM4K3haSWtPbFA0NDFoZU04ckJLRVY4?= =?utf-8?B?QzJ0QzR3cDhvamI1YmJoOGdrUEZHK1FsalVWaU9YTXRPZ2NnUHNIQnhSVUFm?= =?utf-8?Q?Co6AAniq/G28ZTPT/sY/smwmZ?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 473e6907-3e34-46d4-d0cb-08db521863e6 X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2023 12:08:11.3268 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: e8g8PXSXfiaE2KZ+sCDJ+yxYt1jxPbZ9xkNcJHErPsuF80VIhnqxJz7LP0HovPSvZk6CaIWDxs8us17YoRRmAw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR04MB9500 X-ZohoMail-DKIM: pass (identity @suse.com) X-ZM-MESSAGEID: 1683806927516100001 Content-Type: text/plain; charset="utf-8" Much like the other PIC ports, Dom0 has no business touching these. Even our own uses are somewhat questionable, as the corresponding IO-APIC code in Linux is enclosed in a CONFIG_EISA conditional; I don't think there are any x86-64 EISA systems. Signed-off-by: Jan Beulich Acked-by: Roger Pau Monn=C3=A9 --- RFC: For Linux'es (matching our) construct_default_ioirq_mptable() we may need to permit read access at least for PVH, if such default table construction is assumed to be sensible there in the first place (we assume ACPI and no PIC for PVH Dom0, after all). RFC: Linux further has ACPI boot code accessing ELCR (acpi_pic_sci_set_trigger() and acpi_register_gsi_pic()), which we have no equivalent of. Taken together, perhaps the hiding needs to be limited to PVH Dom0? --- a/xen/arch/x86/dom0_build.c +++ b/xen/arch/x86/dom0_build.c @@ -503,6 +503,9 @@ int __init dom0_setup_permissions(struct rc |=3D ioports_deny_access(d, 0xA0 + offs, 0xA1 + offs); } =20 + /* ELCR of both PICs. */ + rc |=3D ioports_deny_access(d, 0x4D0, 0x4D1); + /* Interval Timer (PIT). */ for ( offs =3D 0, i =3D pit_alias_mask & -pit_alias_mask ?: 4; offs <=3D pit_alias_mask; offs +=3D i )