From: Jan Beulich <jbeulich@suse.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>
Cc: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Paul Durrant <paul@xen.org>, Wei Liu <wl@xen.org>
Subject: Re: [PATCH v4] x86: detect CMOS aliasing on ports other than 0x70/0x71
Date: Thu, 23 Mar 2023 15:26:19 +0100 [thread overview]
Message-ID: <a15f4c53-3ef8-7123-a47b-1e697314222f@suse.com> (raw)
In-Reply-To: <ZBxGR2j1dnvLgy/A@Air-de-Roger>
On 23.03.2023 13:29, Roger Pau Monné wrote:
> On Wed, Mar 22, 2023 at 10:55:42AM +0100, Jan Beulich wrote:
>> On 21.03.2023 15:12, Roger Pau Monné wrote:
>>> On Mon, Mar 20, 2023 at 09:32:26AM +0100, Jan Beulich wrote:
>>>> ... in order to also intercept Dom0 accesses through the alias ports.
>>>
>>> I'm trying to get some documentation about this aliasing, but so far I
>>> haven't been able to find any. Do you have any references of where I
>>> might be able to find it?
>>
>> I think several ICH datasheet documents mention this. Right now I'm
>> looking at the ICH10 one (319973-003), section 13.6.1 ("I/O Register
>> Address Map" under "Real Time Clock Registers").
>
> Thanks, I had to fetch this from elsewhere as I haven't been able to
> find it on the Intel documentation site, maybe it's too old?
>
>> But such aliasing (really: lack of decoding) has been present on
>> various of the low 1024 ports from the very early days of x86. So we
>> may want to take care of such elsewhere as well, e.g. for the PIC
>> (where aforementioned doc also explicitly mentions the aliases).
>
> I wonder how relevant those aliases are for OSes, do we know of any OS
> that uses them?
>
> For example we don't seem to provide them to HVM guests at all, and we
> seem to get away with it.
There are two aspects here: One is the functionality that becomes available
specifically via using the aliases here (and I'm not 100% certain this isn't
chipset dependent in the first place), allowing access to the full 256 bytes
of CMOS storage (i.e. no parts clipped off for the RTC registers). The other
aspect is simply disallowing access to ports we mean Dom0 to not have access
to. That would be the sole purpose e.g. for the PIC port ranges. Otherwise
there's little point disallowing access to the base ranges, imo.
>>>> Also stop intercepting accesses to the CMOS ports if we won't ourselves
>>>> use the CMOS RTC.
>>>
>>> Could this create any concerns with the ability to disable NMIs if we
>>> no longer filter accesses to the RTC?
>>
>> Hmm, that's a valid concern, but I'm not sure in how far we need to
>> be worried about giving Dom0 this level of control. As long as we
>> don't use it ourselves of course (I'm unaware of us using this
>> anywhere). If we're worried, we could continue to intercept port
>> 0x70 alone, just to mask off the top bit for writes.
>
> I would be mostly worried about dom0 disabling NMI and thus causing
> the Xen watchdog to trigger for example. I don't think we should
> allow dom0 to disable NMIs at all.
I'll see what I can do, preferably without keeping the intercepts fully
engaged.
Jan
next prev parent reply other threads:[~2023-03-23 14:26 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 11:54 [PATCH v3 0/2] x86: RTC handling adjustments Jan Beulich
2020-07-15 11:56 ` [PATCH v3 1/2] x86: restore pv_rtc_handler() invocation Jan Beulich
2020-07-15 12:13 ` Roger Pau Monné
2020-07-15 12:36 ` Jan Beulich
2020-07-15 13:32 ` Roger Pau Monné
2020-07-15 13:51 ` Jan Beulich
2020-07-15 14:51 ` Roger Pau Monné
2020-07-16 10:06 ` Jan Beulich
2020-07-16 10:31 ` Roger Pau Monné
2020-07-16 10:52 ` Jan Beulich
2020-07-20 15:28 ` Andrew Cooper
2020-07-20 16:27 ` Jan Beulich
2020-07-21 6:36 ` Jan Beulich
2020-07-15 12:31 ` Paul Durrant
2020-07-15 11:57 ` [PATCH v3 2/2] x86: detect CMOS aliasing on ports other than 0x70/0x71 Jan Beulich
2020-07-20 11:11 ` Roger Pau Monné
2023-03-17 16:12 ` Roger Pau Monné
2023-03-20 8:32 ` [PATCH v4] " Jan Beulich
2023-03-21 14:12 ` Roger Pau Monné
2023-03-22 9:55 ` Jan Beulich
2023-03-23 12:29 ` Roger Pau Monné
2023-03-23 14:26 ` Jan Beulich [this message]
2023-03-27 15:44 ` Jan Beulich
2023-03-23 14:49 ` Roger Pau Monné
2023-03-23 16:08 ` Jan Beulich
2023-03-23 16:40 ` Roger Pau Monné
2023-03-27 15:46 ` Jan Beulich
2023-03-27 15:44 ` Jan Beulich
2023-03-30 10:40 ` [PATCH v5] " Jan Beulich
2023-04-03 11:09 ` Roger Pau Monné
2023-04-03 11:26 ` Jan Beulich
2023-04-03 11:44 ` Roger Pau Monné
2023-04-03 12:24 ` Jan Beulich
2023-04-18 9:24 ` [PATCH v6] " Jan Beulich
2023-04-18 11:35 ` Roger Pau Monné
2023-04-19 7:56 ` Jan Beulich
2023-04-19 10:45 ` Roger Pau Monné
2023-04-19 13:58 ` Jan Beulich
2023-04-19 15:55 ` Roger Pau Monné
2023-04-20 8:31 ` Jan Beulich
2023-04-20 14:31 ` Roger Pau Monné
2023-04-20 14:55 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a15f4c53-3ef8-7123-a47b-1e697314222f@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=paul@xen.org \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.