[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v4 20/24] arm/acpi: Permit MMIO access of Xen unused devices for Dom0



On Sun, 28 Feb 2016, Shannon Zhao wrote:
> From: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
> 
> Firstly it permits full MMIO capabilities for Dom0. Then deny MMIO
> access of Xen used devices, such as UART, SMMU. Currently, it only
> denies the MMIO access of UART and for other Xen used devices it could
> be added later when they are supported.
> 
> Signed-off-by: Shannon Zhao <shannon.zhao@xxxxxxxxxx>
> ---
> v4: add comments for TODO
> ---
>  xen/arch/arm/domain_build.c | 31 +++++++++++++++++++++++++++++++
>  1 file changed, 31 insertions(+)
> 
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index 4aaffae..7750798 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -1359,6 +1359,33 @@ static int prepare_dtb(struct domain *d, struct 
> kernel_info *kinfo)
>  #ifdef CONFIG_ACPI
>  #define ACPI_DOM0_FDT_MIN_SIZE 4096
>  
> +static int acpi_iomem_deny_access(struct domain *d)
> +{
> +    acpi_status status;
> +    struct acpi_table_spcr *spcr=NULL;

coding style


> +    unsigned long gfn;
> +    int rc;
> +
> +    /* Firstly permit full MMIO capabilities. */
> +    rc = iomem_permit_access(d, 0UL, ~0UL);
> +    if (rc)
> +        return rc;
> +
> +    /* TODO: Deny MMIO access for SMMU, GIC ITS */
> +    status = acpi_get_table(ACPI_SIG_SPCR, 0,
> +                            (struct acpi_table_header **)&spcr);
> +
> +    if ( ACPI_FAILURE(status) )
> +    {
> +        printk("Failed to get SPCR table\n");
> +        return -EINVAL;
> +    }
> +
> +    gfn = spcr->serial_port.address >> PAGE_SHIFT;
> +    /* Deny MMIO access for UART */
> +    return iomem_deny_access(d, gfn, gfn + 1);

It would be nice if at least the GIC regions were protected.


> +}
> +
>  static int acpi_permit_spi_access(struct domain *d)
>  {
>      int i, res;
> @@ -1880,6 +1907,10 @@ static int prepare_acpi(struct domain *d, struct 
> kernel_info *kinfo)
>      if ( rc != 0 )
>          return rc;
>  
> +    rc = acpi_iomem_deny_access(d);
> +    if ( rc != 0 )
> +        return rc;
> +
>      return 0;
>  }
>  #else
> -- 
> 2.0.4
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.