Xen project Mailing List

Re: [XEN PATCH] tools/libs/light/libxl_pci.c: explicitly grant access to Intel IGD opregion

To: Chuck Zmudzinski <brchuckz@xxxxxxxxxxxx>

Date: Tue, 15 Mar 2022 12:38:30 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dZvx1MHyumdEYfCvg/DWVJqlP4uJVcd3ZDKREXVk+XA=; b=lNwATcGPHEQYRvm7DKdYfXcB60JlULb8VI++lqkIoCruNUwThSrtF++7U+mZDBPRI5JH9lLzmJEvoBQlPRdnMwM8y2cJ4/B0dlwdhWH9eHXWfogeBvwz3jqOnD4AaHH6jJ9EZeoFzO2LzrheIkLBqgriZTpE57UZozD4pieZTJxKqgiHNT3zCIZM/5AuFzsMcITPPSXSrukyoYTJnoIYE0vbJzuxDnokBiFf5t8bFAaWSR+a2BznxBpwep1eIpx+8Zb9geeO8pLqT6jPSHvQX+txxZ/igWG5g+k4eF/w0PqBh5jtBeCbWq8z7gQVeyGwENXl6xDvs4hsYYj2m9RPYQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j6lUMSKjKarx0mW/9pmhTQgapbcW5Nu8L9tkP7ETe78IRTSvlz5kD9LSE4Y5D2WD+2ZcmGbtL6WrlZXDBcKNCwjg628q+bYK4TZ6O71V+Gl+iuhv1i8vzq5GFRQMSS7/e7iniOM3z3ihXcwsXVrshBNWxw/Bdh/XXdIEzoISb6Bw2xczHB3u2mG96X7F3INZI6tzegqlrhNCTre1Ljw2tL2PJCQ7lKtGm2w9LmvM20NcCkNRXxwo0nHpLRnL7kzBgVbj/Zc0rACJDfX0R6/Q3QOzwV21bNawDWtCWETnhgS4r2x1zdj9uTGxGJbHU/P2uYqpHwfFWKTOVjw8jYNnLQ==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Tue, 15 Mar 2022 11:38:46 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.03.2022 04:41, Chuck Zmudzinski wrote: > Fixes: abfb006f1ff4 (tools/libxl: explicitly grant access to needed > I/O-memory ranges) > Fixes: 0561e1f01e87 (xen/common: do not implicitly permit access to mapped > I/O memory) > Backport: 4.12+ Just fyi: This is fine to have as a tag, but it wouldn't be backported farther than to 4.15. Apart from this largely some style issues (see below), but please realize that I'm not a libxl maintainer and hence I may not have good enough knowledge of, in particular, potential unwritten conventions. > @@ -610,6 +612,45 @@ out: > return ret; > } > > +static uint32_t sysfs_dev_get_igd_opregion(libxl__gc *gc, > + libxl_device_pci *pci) > +{ > + char *pci_device_config_path = > + GCSPRINTF(SYSFS_PCI_DEV"/"PCI_BDF"/config", > + pci->domain, pci->bus, pci->dev, pci->func); > + size_t read_items; > + uint32_t igd_opregion; > + uint32_t error = 0xffffffff; I think this constant wants to gain a #define, to be able to correlate the use sites. I'm also not sure of the value - in principle the register can hold this value, but of course then it won't be 3 pages. Maybe the error check further down should be to see whether adding 2 to the value would overflow in 32 bits? (In that case a #define may not be needed anymore, as there wouldn't be multiple instances of the constant in the code.) > + > + FILE *f = fopen(pci_device_config_path, "r"); > + if (!f) { While libxl has some special style rules, I think it still wants a blank line between declaration(s) and statement(s), just like we expect elsewhere. Effectively you want to simply move the blank line you have one line down. > @@ -2531,6 +2572,37 @@ int libxl__grant_vga_iomem_permission(libxl__gc *gc, > const uint32_t domid, > domid, vga_iomem_start, (vga_iomem_start + 0x20 - 1)); > return ret; > } > + > + /* If this is an Intel IGD, allow access to the IGD opregion */ > + if (!libxl__is_igd_vga_passthru(gc, d_config)) return 0; Despite the provision for "return" or alike to go on the same line as an error code check, I don't think this is okay here. It would be if, as iirc generally expected in libxl, you latched the function return value into a local variable named "rc" (I think). > + uint32_t igd_opregion = sysfs_dev_get_igd_opregion(gc, pci); > + uint32_t error = 0xffffffff; Please don't mix declarations and statements. I also don't think "error" is really necessary as a local variable, but with the change suggested above it might disappear anyway. > + if (igd_opregion == error) break; Like above I'm not sure this is okay to all live on one line. I also think it would be nice if you used "return 0" or "break" consistently. Of course a related question is whether failure here should actually be reported to the caller. > + vga_iomem_start = ( (uint64_t) igd_opregion ) >> XC_PAGE_SHIFT; There's no need for a cast here, as you're right-shifting. Also (just fyi) there would have been three to many spaces here. I'm additionally not certain whether re-using a variable for a purpose not matching its name is deemed acceptable by libxl maintainers. > + ret = xc_domain_iomem_permission(CTX->xch, stubdom_domid, > + vga_iomem_start, > + IGD_OPREGION_PAGES, 1); > + if (ret < 0) { > + LOGED(ERROR, domid, > + "failed to give stubdom%d access to iomem range " > + "%"PRIx64"-%"PRIx64" for IGD passthru", > + stubdom_domid, vga_iomem_start, (vga_iomem_start + > + IGD_OPREGION_PAGES - 1)); > + return ret; > + } I have to admit that I find it odd that this is done unconditionally, but I notice the same is done in pre-existing code. I would have expected this to happen only when there actually is a device model stub domain. Jan > + ret = xc_domain_iomem_permission(CTX->xch, domid, > + vga_iomem_start, > + IGD_OPREGION_PAGES, 1); > + if (ret < 0) { > + LOGED(ERROR, domid, > + "failed to give dom%d access to iomem range " > + "%"PRIx64"-%"PRIx64" for IGD passthru", > + domid, vga_iomem_start, (vga_iomem_start + > + IGD_OPREGION_PAGES - 1)); > + return ret; > + } > break; > } >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.