From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.5 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB0AAC433E2 for ; Fri, 17 Jul 2020 13:11:02 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 97EE72076D for ; Fri, 17 Jul 2020 13:11:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 97EE72076D Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=suse.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jwQ8R-0007or-Df; Fri, 17 Jul 2020 13:10:43 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jwQ8Q-0007om-BU for xen-devel@lists.xenproject.org; Fri, 17 Jul 2020 13:10:42 +0000 X-Inumbo-ID: ea270a6a-c82e-11ea-8496-bc764e2007e4 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id ea270a6a-c82e-11ea-8496-bc764e2007e4; Fri, 17 Jul 2020 13:10:41 +0000 (UTC) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 2D6CCB6AB; Fri, 17 Jul 2020 13:10:45 +0000 (UTC) To: "xen-devel@lists.xenproject.org" From: Jan Beulich Subject: [PATCH] x86: guard against port I/O overlapping the RTC/CMOS range Message-ID: <38c73e17-30b8-27b4-bc7c-e6ef7817fa1e@suse.com> Date: Fri, 17 Jul 2020 15:10:43 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Since we intercept RTC/CMOS port accesses, let's do so consistently in all cases, i.e. also for e.g. a dword access to [006E,0071]. To avoid the risk of unintended impact on Dom0 code actually doing so (despite the belief that none ought to exist), also extend guest_io_{read,write}() to decompose accesses where some ports are allowed to be directly accessed and some aren't. Signed-off-by: Jan Beulich --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -210,7 +210,7 @@ static bool admin_io_okay(unsigned int p return false; /* We also never permit direct access to the RTC/CMOS registers. */ - if ( ((port & ~1) == RTC_PORT(0)) ) + if ( port <= RTC_PORT(1) && port + bytes > RTC_PORT(0) ) return false; return ioports_access_permitted(d, port, port + bytes - 1); @@ -297,6 +297,17 @@ static uint32_t guest_io_read(unsigned i if ( pci_cfg_ok(currd, port & 3, size, NULL) ) sub_data = pci_conf_read(currd->arch.pci_cf8, port & 3, size); } + else if ( ioports_access_permitted(currd, port, port) ) + { + if ( bytes > 1 && !(port & 1) && + ioports_access_permitted(currd, port, port + 1) ) + { + sub_data = inw(port); + size = 2; + } + else + sub_data = inb(port); + } if ( size == 4 ) return sub_data; @@ -373,25 +384,31 @@ static int read_io(unsigned int port, un return X86EMUL_OKAY; } +static void _guest_io_write(unsigned int port, unsigned int bytes, + uint32_t data) +{ + switch ( bytes ) + { + case 1: + outb((uint8_t)data, port); + if ( amd_acpi_c1e_quirk ) + amd_check_disable_c1e(port, (uint8_t)data); + break; + case 2: + outw((uint16_t)data, port); + break; + case 4: + outl(data, port); + break; + } +} + static void guest_io_write(unsigned int port, unsigned int bytes, uint32_t data, struct domain *currd) { if ( admin_io_okay(port, bytes, currd) ) { - switch ( bytes ) - { - case 1: - outb((uint8_t)data, port); - if ( amd_acpi_c1e_quirk ) - amd_check_disable_c1e(port, (uint8_t)data); - break; - case 2: - outw((uint16_t)data, port); - break; - case 4: - outl(data, port); - break; - } + _guest_io_write(port, bytes, data); return; } @@ -420,6 +437,13 @@ static void guest_io_write(unsigned int if ( pci_cfg_ok(currd, port & 3, size, &data) ) pci_conf_write(currd->arch.pci_cf8, port & 3, size, data); } + else if ( ioports_access_permitted(currd, port, port) ) + { + if ( bytes > 1 && !(port & 1) && + ioports_access_permitted(currd, port, port + 1) ) + size = 2; + _guest_io_write(port, size, data); + } if ( size == 4 ) return;