[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xense-devel] [PATCH] txt: 2/6 - explicitly protect TXT addr ranges from dom0

tboot no longer marks the TXT heap/SINIT/private config space as E820_UNUSABLE 
in the e820 table, so Xen must explicitly disallow those regions from dom0.

Signed-off-by: Shane Wang <shane.wang@xxxxxxxxx>
Signed-off-by: Joseph Cihula <joseph.cihula@xxxxxxxxx>

diff -r 3d294dba4255 -r bde0fd053306 xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c       Fri Jan 16 13:25:37 2009 -0800
+++ b/xen/arch/x86/domain_build.c       Fri Jan 16 13:34:36 2009 -0800
@@ -29,6 +29,7 @@
 #include <asm/paging.h>
 #include <asm/p2m.h>
 #include <asm/e820.h>
+#include <asm/tboot.h>

 #include <public/version.h>

@@ -1038,6 +1039,20 @@ int __init construct_dom0(
             rc |= iomem_deny_access(dom0, sfn, efn);
     }

+    /* Remove access to TXT Heap/SINIT/Private Space. */
+    if ( tboot_in_measured_env() )
+    {
+        unsigned long sfn, efn;
+
+        for ( i = 0; i < ARRAY_SIZE(txt_protmem_range_starts); i++ )
+        {
+            sfn = paddr_to_pfn(txt_protmem_range_starts[i]);
+            efn = paddr_to_pfn(txt_protmem_range_ends[i]);
+            if ( sfn <= efn )
+                rc |= iomem_deny_access(dom0, sfn, efn);
+        }
+    }
+
     BUG_ON(rc != 0);

     return 0;
diff -r 3d294dba4255 -r bde0fd053306 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Fri Jan 16 13:25:37 2009 -0800
+++ b/xen/arch/x86/mm.c Fri Jan 16 13:34:36 2009 -0800
@@ -109,6 +109,7 @@
 #include <asm/e820.h>
 #include <asm/hypercall.h>
 #include <asm/shared.h>
+#include <asm/tboot.h>
 #include <public/memory.h>
 #include <xsm/xsm.h>
 #include <xen/trace.h>
@@ -216,7 +217,7 @@ void __init arch_init_memory(void)
 {
     extern void subarch_init_memory(void);

-    unsigned long i, pfn, rstart_pfn, rend_pfn, iostart_pfn, ioend_pfn;
+    unsigned long i, pfn, rstart_pfn, rend_pfn, iostart_pfn, ioend_pfn, j;

     /*
      * Initialise our DOMID_XEN domain.
@@ -279,6 +280,19 @@ void __init arch_init_memory(void)
         for ( ; pfn < rstart_pfn; pfn++ )
         {
             BUG_ON(!mfn_valid(pfn));
+            /* Ensure the TXT ranges are not marked as I/O since that memory */
+            /* can't be used in dom0. */
+            if ( tboot_in_measured_env() )
+            {
+                for ( j = 0; j < ARRAY_SIZE(txt_protmem_range_starts); j++ )
+                {
+                    if ( (PFN_DOWN(txt_protmem_range_starts[j]) <= pfn)
+                         && (pfn <= PFN_DOWN(txt_protmem_range_ends[j])) )
+                        break;
+                }
+                if ( j != ARRAY_SIZE(txt_protmem_range_starts) )
+                    continue;
+            }
             share_xen_page_with_guest(
                 mfn_to_page(pfn), dom_io, XENSHARE_writable);
         }
diff -r 3d294dba4255 -r bde0fd053306 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c      Fri Jan 16 13:25:37 2009 -0800
+++ b/xen/arch/x86/tboot.c      Fri Jan 16 13:34:36 2009 -0800
@@ -15,12 +15,18 @@ string_param("tboot", opt_tboot);
 /* Global pointer to shared data; NULL means no measured launch. */
 tboot_shared_t *g_tboot_shared;

+/* TXT memory ranges which need to be protected from dom0 */
+uint64_t txt_protmem_range_starts[TXT_PROTMEM_RANGE_MAX];
+uint64_t txt_protmem_range_ends[TXT_PROTMEM_RANGE_MAX];
+
 static const uuid_t tboot_shared_uuid = TBOOT_SHARED_UUID;

 void __init tboot_probe(void)
 {
     tboot_shared_t *tboot_shared;
-    unsigned long p_tboot_shared;
+    unsigned long p_tboot_shared, map_addr;
+    uint64_t base, size;
+    uint32_t map_base, map_size;

     /* Look for valid page-aligned address for shared page. */
     p_tboot_shared = simple_strtoul(opt_tboot, NULL, 0);
@@ -48,6 +54,34 @@ void __init tboot_probe(void)
         printk("  tboot_base: 0x%08x\n", tboot_shared->tboot_base);
         printk("  tboot_size: 0x%x\n", tboot_shared->tboot_size);
     }
+
+    /* Get TXT heaps/SINIT/Private Space addresses. */
+    map_base = PFN_DOWN(TXT_PUB_CONFIG_REGS_BASE);
+    map_size = PFN_UP(NR_TXT_CONFIG_PAGES * PAGE_SIZE);
+
+    map_addr = (unsigned long)__va(map_base << PAGE_SHIFT);
+    if ( map_pages_to_xen(map_addr, map_base, map_size, __PAGE_HYPERVISOR) )
+        panic("Could not get TXT heaps/SINIT/Private Space addresses\n");
+
+    /* TXT Heap */
+    base = *(uint64_t *)__va(TXT_PUB_CONFIG_REGS_BASE + TXTCR_HEAP_BASE);
+    size = *(uint64_t *)__va(TXT_PUB_CONFIG_REGS_BASE + TXTCR_HEAP_SIZE);
+    txt_protmem_range_starts[0] = base;
+    txt_protmem_range_ends[0] = base + size - 1;
+
+    /* SINIT */
+    base = *(uint64_t *)__va(TXT_PUB_CONFIG_REGS_BASE + TXTCR_SINIT_BASE);
+    size = *(uint64_t *)__va(TXT_PUB_CONFIG_REGS_BASE + TXTCR_SINIT_SIZE);
+    txt_protmem_range_starts[1] = base;
+    txt_protmem_range_ends[1] = base + size - 1;
+
+    /* TXT Private Space */
+    txt_protmem_range_starts[2] = TXT_PRIV_CONFIG_REGS_BASE;
+    txt_protmem_range_ends[2] = TXT_PRIV_CONFIG_REGS_BASE
+                                + NR_TXT_CONFIG_PAGES * PAGE_SIZE - 1;
+
+    destroy_xen_mappings((unsigned long)__va(map_base << PAGE_SHIFT),
+                         (unsigned long)__va((map_base + map_size) << 
PAGE_SHIFT));
 }

 void tboot_shutdown(uint32_t shutdown_type)
diff -r 3d294dba4255 -r bde0fd053306 xen/include/asm-x86/tboot.h
--- a/xen/include/asm-x86/tboot.h       Fri Jan 16 13:25:37 2009 -0800
+++ b/xen/include/asm-x86/tboot.h       Fri Jan 16 13:34:36 2009 -0800
@@ -2,7 +2,7 @@
  * tboot.h: shared data structure with MLE and kernel and functions
  *          used by kernel for runtime support
  *
- * Copyright (c) 2006-2007, Intel Corporation
+ * Copyright (c) 2006-2009, Intel Corporation
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -90,6 +90,26 @@ void tboot_shutdown(uint32_t shutdown_ty
 void tboot_shutdown(uint32_t shutdown_type);
 int tboot_in_measured_env(void);

+/*
+ * TXT configuration registers (offsets from TXT_{PUB, PRIV}_CONFIG_REGS_BASE)
+ */
+
+#define TXT_PUB_CONFIG_REGS_BASE       0xfed30000
+#define TXT_PRIV_CONFIG_REGS_BASE      0xfed20000
+
+/* # pages for each config regs space - used by fixmap */
+#define NR_TXT_CONFIG_PAGES            ((TXT_PUB_CONFIG_REGS_BASE - \
+                                        TXT_PRIV_CONFIG_REGS_BASE) >>    \
+                                        PAGE_SHIFT)
+#define TXTCR_SINIT_BASE            0x0270
+#define TXTCR_SINIT_SIZE            0x0278
+#define TXTCR_HEAP_BASE             0x0300
+#define TXTCR_HEAP_SIZE             0x0308
+
+#define TXT_PROTMEM_RANGE_MAX 3
+extern uint64_t txt_protmem_range_starts[TXT_PROTMEM_RANGE_MAX];
+extern uint64_t txt_protmem_range_ends[TXT_PROTMEM_RANGE_MAX];
+
 #endif /* __TBOOT_H__ */

 /*

Attachment: xen-txt-02-protect_txt_ranges.patch
Description: xen-txt-02-protect_txt_ranges.patch

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.