
Re: [PATCH v2 1/6] x86/P2M: relax guarding of MMIO entries


  • To: Jan Beulich <jbeulich@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 6 Sep 2021 16:54:44 +0100
  • Cc: Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Mon, 06 Sep 2021 15:55:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02/09/2021 09:32, Jan Beulich wrote:
> One of the changes comprising the fixes for XSA-378 disallows replacing
> MMIO mappings by code paths not intended for this purpose. At least in
> the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region,
> this is too strict. Generally short-circuit requests establishing the
> same kind of mapping that's already in place, while otherwise adjusting
> permissions without - as before - allowing MFN or type to change.

"Generally short-circuit requests establishing the same kind of mapping
(mfn, type) but allow the permissions to differ".

> While there, also add a log message to the other domain_crash()
> invocation that did prevent PVH Dom0 from coming up after the XSA-378
> changes.
>
> Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping entries")
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> ---
> I may have gone too far by allowing "access" to change for all special
> types now.

I think this is appropriate.  After all, it is the pre-existing
behaviour, and the type change is the important thing to restrict.

Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>



 

