From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Wei Liu" <wl@xen.org>, "Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH v2 2/3] x86: detect PIC aliasing on ports other than 0x[2A][01]
Date: Mon, 18 Dec 2023 15:48:05 +0100 [thread overview]
Message-ID: <c29ced52-6e1e-4997-81ab-8882df2d38a7@suse.com> (raw)
In-Reply-To: <0c45155a-2beb-4e69-bca3-cdf42ba22f2b@suse.com>
... in order to also deny Dom0 access through the alias ports. Without
this it is only giving the impression of denying access to both PICs.
Unlike for CMOS/RTC, do detection very early, to avoid disturbing normal
operation later on.
Like for CMOS/RTC a fundamental assumption of the probing is that reads
from the probed alias port won't have side effects in case it does not
alias the respective PIC's one.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
v2: Use new command line option. s/pic/8252A/. Re-base over new earlier
patch. Use ISOLATE_LSB().
--- a/xen/arch/x86/dom0_build.c
+++ b/xen/arch/x86/dom0_build.c
@@ -467,7 +467,7 @@ static void __init process_dom0_ioports_
int __init dom0_setup_permissions(struct domain *d)
{
unsigned long mfn;
- unsigned int i;
+ unsigned int i, offs;
int rc;
if ( pv_shim )
@@ -480,10 +480,16 @@ int __init dom0_setup_permissions(struct
/* Modify I/O port access permissions. */
- /* Master Interrupt Controller (PIC). */
- rc |= ioports_deny_access(d, 0x20, 0x21);
- /* Slave Interrupt Controller (PIC). */
- rc |= ioports_deny_access(d, 0xA0, 0xA1);
+ for ( offs = 0, i = ISOLATE_LSB(i8259A_alias_mask) ?: 2;
+ offs <= i8259A_alias_mask; offs += i )
+ {
+ if ( offs & ~i8259A_alias_mask )
+ continue;
+ /* Master Interrupt Controller (PIC). */
+ rc |= ioports_deny_access(d, 0x20 + offs, 0x21 + offs);
+ /* Slave Interrupt Controller (PIC). */
+ rc |= ioports_deny_access(d, 0xA0 + offs, 0xA1 + offs);
+ }
/* ELCR of both PICs. */
rc |= ioports_deny_access(d, 0x4D0, 0x4D1);
--- a/xen/arch/x86/i8259.c
+++ b/xen/arch/x86/i8259.c
@@ -19,6 +19,7 @@
#include <xen/delay.h>
#include <asm/apic.h>
#include <asm/asm_defns.h>
+#include <asm/setup.h>
#include <io_ports.h>
#include <irq_vectors.h>
@@ -333,6 +334,58 @@ void __init make_8259A_irq(unsigned int
irq_to_desc(irq)->handler = &i8259A_irq_type;
}
+unsigned int __initdata i8259A_alias_mask;
+
+static void __init probe_8259A_alias(void)
+{
+ unsigned int mask = 0x1e;
+ uint8_t val = 0;
+
+ if ( !opt_probe_port_aliases )
+ return;
+
+ /*
+ * The only properly r/w register is OCW1. While keeping the master
+ * fully masked (thus also masking anything coming through the slave),
+ * write all possible 256 values to the slave's base port, and check
+ * whether the same value can then be read back through any of the
+ * possible alias ports. Probing just the slave of course builds on the
+ * assumption that aliasing is identical for master and slave.
+ */
+
+ outb(0xff, 0x21); /* Fully mask master. */
+
+ do {
+ unsigned int offs;
+
+ outb(val, 0xa1);
+
+ /* Try to make sure we're actually having a PIC here. */
+ if ( inb(0xa1) != val )
+ {
+ mask = 0;
+ break;
+ }
+
+ for ( offs = ISOLATE_LSB(mask); offs <= mask; offs <<= 1 )
+ {
+ if ( !(mask & offs) )
+ continue;
+ if ( inb(0xa1 + offs) != val )
+ mask &= ~offs;
+ }
+ } while ( mask && (val += 0x0d) ); /* Arbitrary uneven number. */
+
+ outb(cached_A1, 0xa1); /* Restore slave IRQ mask. */
+ outb(cached_21, 0x21); /* Restore master IRQ mask. */
+
+ if ( mask )
+ {
+ dprintk(XENLOG_INFO, "PIC aliasing mask: %02x\n", mask);
+ i8259A_alias_mask = mask;
+ }
+}
+
static struct irqaction __read_mostly cascade = { no_action, "cascade", NULL};
void __init init_IRQ(void)
@@ -343,6 +396,8 @@ void __init init_IRQ(void)
init_8259A(0);
+ probe_8259A_alias();
+
for (irq = 0; platform_legacy_irq(irq); irq++) {
struct irq_desc *desc = irq_to_desc(irq);
--- a/xen/arch/x86/include/asm/setup.h
+++ b/xen/arch/x86/include/asm/setup.h
@@ -46,6 +46,8 @@ extern uint8_t kbd_shift_flags;
extern unsigned long highmem_start;
#endif
+extern unsigned int i8259A_alias_mask;
+
extern int8_t opt_smt;
extern int8_t opt_probe_port_aliases;
next prev parent reply other threads:[~2023-12-18 14:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-18 14:45 [PATCH v2 0/3] x86: Dom0 I/O port access permissions Jan Beulich
2023-12-18 14:47 ` [PATCH v2 1/3] x86: allow to suppress port-alias probing Jan Beulich
2024-05-08 20:13 ` Jason Andryuk
2023-12-18 14:48 ` Jan Beulich [this message]
2024-04-29 19:41 ` [PATCH v2 2/3] x86: detect PIC aliasing on ports other than 0x[2A][01] Nicola Vetrini
2024-05-09 16:06 ` Jason Andryuk
2023-12-18 14:48 ` [PATCH v2 3/3] x86: detect PIT aliasing on ports other than 0x4[0-3] Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c29ced52-6e1e-4997-81ab-8882df2d38a7@suse.com \
--to=jbeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=roger.pau@citrix.com \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.