xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: Shannon Zhao <shannon.zhao@linaro.org>
Cc: julien.grall@arm.com, zhaoshenglong@huawei.com,
	stefano.stabellini@citrix.com, peter.huangpeng@huawei.com,
	xen-devel@lists.xen.org
Subject: Re: [PATCH v7 17/22] arm/gic: Add a new callback to deny Dom0 access to GIC regions
Date: Sat, 26 Mar 2016 13:04:27 +0000	[thread overview]
Message-ID: <alpine.DEB.2.02.1603261304070.18380@kaball.uk.xensource.com> (raw)
In-Reply-To: <1458913735-2678-18-git-send-email-shannon.zhao@linaro.org>

On Fri, 25 Mar 2016, Shannon Zhao wrote:
> Add a new member in gic_hw_operations which is used to deny Dom0 access
> to GIC regions.
> 
> Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>

Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>


> v7: move them out of CONFIG_ACPI
> ---
>  xen/arch/arm/gic-v2.c     | 27 +++++++++++++++++++++++++++
>  xen/arch/arm/gic-v3.c     | 41 +++++++++++++++++++++++++++++++++++++++++
>  xen/arch/arm/gic.c        |  5 +++++
>  xen/include/asm-arm/gic.h |  3 +++
>  4 files changed, 76 insertions(+)
> 
> diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
> index 38e3216..450755f 100644
> --- a/xen/arch/arm/gic-v2.c
> +++ b/xen/arch/arm/gic-v2.c
> @@ -22,6 +22,7 @@
>  #include <xen/init.h>
>  #include <xen/mm.h>
>  #include <xen/irq.h>
> +#include <xen/iocap.h>
>  #include <xen/sched.h>
>  #include <xen/errno.h>
>  #include <xen/softirq.h>
> @@ -684,6 +685,31 @@ static void __init gicv2_dt_init(void)
>                 csize, vsize);
>  }
>  
> +static int gicv2_iomem_deny_access(const struct domain *d)
> +{
> +    int rc;
> +    unsigned long gfn, nr;
> +
> +    gfn = dbase >> PAGE_SHIFT;
> +    rc = iomem_deny_access(d, gfn, gfn + 1);
> +    if ( rc )
> +        return rc;
> +
> +    gfn = hbase >> PAGE_SHIFT;
> +    rc = iomem_deny_access(d, gfn, gfn + 1);
> +    if ( rc )
> +        return rc;
> +
> +    gfn = cbase >> PAGE_SHIFT;
> +    nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> +    rc = iomem_deny_access(d, gfn, gfn + nr);
> +    if ( rc )
> +        return rc;
> +
> +    gfn = vbase >> PAGE_SHIFT;
> +    return iomem_deny_access(d, gfn, gfn + nr);
> +}
> +
>  #ifdef CONFIG_ACPI
>  static int gicv2_make_hwdom_madt(const struct domain *d, u32 offset)
>  {
> @@ -910,6 +936,7 @@ const static struct gic_hw_operations gicv2_ops = {
>      .read_apr            = gicv2_read_apr,
>      .make_hwdom_dt_node  = gicv2_make_hwdom_dt_node,
>      .make_hwdom_madt     = gicv2_make_hwdom_madt,
> +    .iomem_deny_access   = gicv2_iomem_deny_access,
>  };
>  
>  /* Set up the GIC */
> diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
> index 52ee23c..a095064 100644
> --- a/xen/arch/arm/gic-v3.c
> +++ b/xen/arch/arm/gic-v3.c
> @@ -27,6 +27,7 @@
>  #include <xen/cpu.h>
>  #include <xen/mm.h>
>  #include <xen/irq.h>
> +#include <xen/iocap.h>
>  #include <xen/sched.h>
>  #include <xen/errno.h>
>  #include <xen/delay.h>
> @@ -1235,6 +1236,45 @@ static void __init gicv3_dt_init(void)
>                            &vbase, &vsize);
>  }
>  
> +static int gicv3_iomem_deny_access(const struct domain *d)
> +{
> +    int rc, i;
> +    unsigned long gfn, nr;
> +
> +    gfn = dbase >> PAGE_SHIFT;
> +    nr = DIV_ROUND_UP(SZ_64K, PAGE_SIZE);
> +    rc = iomem_deny_access(d, gfn, gfn + nr);
> +    if ( rc )
> +        return rc;
> +
> +    for ( i = 0; i < gicv3.rdist_count; i++ )
> +    {
> +        gfn = gicv3.rdist_regions[i].base >> PAGE_SHIFT;
> +        nr = DIV_ROUND_UP(gicv3.rdist_regions[i].size, PAGE_SIZE);
> +        rc = iomem_deny_access(d, gfn, gfn + nr);
> +        if ( rc )
> +            return rc;
> +    }
> +
> +    if ( cbase != INVALID_PADDR )
> +    {
> +        gfn = cbase >> PAGE_SHIFT;
> +        nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> +        rc = iomem_deny_access(d, gfn, gfn + nr);
> +        if ( rc )
> +            return rc;
> +    }
> +
> +    if ( vbase != INVALID_PADDR )
> +    {
> +        gfn = vbase >> PAGE_SHIFT;
> +        nr = DIV_ROUND_UP(csize, PAGE_SIZE);
> +        return iomem_deny_access(d, gfn, gfn + nr);
> +    }
> +
> +    return 0;
> +}
> +
>  #ifdef CONFIG_ACPI
>  static int gicv3_make_hwdom_madt(const struct domain *d, u32 offset)
>  {
> @@ -1530,6 +1570,7 @@ static const struct gic_hw_operations gicv3_ops = {
>      .secondary_init      = gicv3_secondary_cpu_init,
>      .make_hwdom_dt_node  = gicv3_make_hwdom_dt_node,
>      .make_hwdom_madt     = gicv3_make_hwdom_madt,
> +    .iomem_deny_access   = gicv3_iomem_deny_access,
>  };
>  
>  static int __init gicv3_dt_preinit(struct dt_device_node *node, const void *data)
> diff --git a/xen/arch/arm/gic.c b/xen/arch/arm/gic.c
> index b3c1eb3..2bfe4de 100644
> --- a/xen/arch/arm/gic.c
> +++ b/xen/arch/arm/gic.c
> @@ -744,6 +744,11 @@ int gic_make_hwdom_madt(const struct domain *d, u32 offset)
>      return gic_hw_ops->make_hwdom_madt(d, offset);
>  }
>  
> +int gic_iomem_deny_access(const struct domain *d)
> +{
> +    return gic_hw_ops->iomem_deny_access(d);
> +}
> +
>  /*
>   * Local variables:
>   * mode: C
> diff --git a/xen/include/asm-arm/gic.h b/xen/include/asm-arm/gic.h
> index 8130136..cd97bb2 100644
> --- a/xen/include/asm-arm/gic.h
> +++ b/xen/include/asm-arm/gic.h
> @@ -360,6 +360,8 @@ struct gic_hw_operations {
>                                const struct dt_device_node *gic, void *fdt);
>      /* Create MADT table for the hardware domain */
>      int (*make_hwdom_madt)(const struct domain *d, u32 offset);
> +    /* Deny access to GIC regions */
> +    int (*iomem_deny_access)(const struct domain *d);
>  };
>  
>  void register_gic_ops(const struct gic_hw_operations *ops);
> @@ -367,6 +369,7 @@ int gic_make_hwdom_dt_node(const struct domain *d,
>                             const struct dt_device_node *gic,
>                             void *fdt);
>  int gic_make_hwdom_madt(const struct domain *d, u32 offset);
> +int gic_iomem_deny_access(const struct domain *d);
>  
>  #endif /* __ASSEMBLY__ */
>  #endif
> -- 
> 2.1.4
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

  reply	other threads:[~2016-03-26 13:04 UTC|newest]

Thread overview: 45+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-25 13:48 [PATCH v7 00/22] Prepare UEFI and ACPI tables for Dom0 on ARM64 Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 01/22] arm/acpi: Estimate memory required for acpi/efi tables Shannon Zhao
2016-03-26 13:02   ` Stefano Stabellini
2016-03-29 10:24   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 02/22] arm/acpi: Add a helper function to get the acpi table offset Shannon Zhao
2016-03-29 10:48   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 03/22] arm/acpi: Prepare FADT table for Dom0 Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 04/22] arm/gic: Add a new callback for creating MADT " Shannon Zhao
2016-03-29 12:47   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 05/22] arm/acpi: Prepare " Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 06/22] arm/acpi: Prepare STAO " Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 07/22] arm/acpi: Prepare XSDT " Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 08/22] arm/acpi: Prepare RSDP " Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 09/22] arm/p2m: Add helper functions to map memory regions Shannon Zhao
2016-03-29 12:49   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 10/22] arm/acpi: Map all other tables for Dom0 Shannon Zhao
2016-03-29 13:02   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 11/22] arm/acpi: Prepare EFI system table " Shannon Zhao
2016-03-29 14:54   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 12/22] arm/acpi: Prepare EFI memory descriptor " Shannon Zhao
2016-03-29 14:54   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 13/22] arm/acpi: Map the new created EFI and ACPI tables to Dom0 Shannon Zhao
2016-03-29 15:01   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 14/22] arm/acpi: Create min DT stub for Dom0 Shannon Zhao
2016-03-29 16:10   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 15/22] arm/acpi: Permit access all Xen unused SPIs " Shannon Zhao
2016-03-29 16:10   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 16/22] arm/acpi: Configure SPI interrupt type and route to Dom0 dynamically Shannon Zhao
2016-03-29 16:12   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 17/22] arm/gic: Add a new callback to deny Dom0 access to GIC regions Shannon Zhao
2016-03-26 13:04   ` Stefano Stabellini [this message]
2016-03-29 16:13   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 18/22] arm/acpi: Permit MMIO access of Xen unused devices for Dom0 Shannon Zhao
2016-03-25 13:48 ` [PATCH v7 19/22] hvm/params: Add a new delivery type for event-channel in HVM_PARAM_CALLBACK_IRQ Shannon Zhao
2016-03-29 16:16   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 20/22] xen/acpi: Fix event-channel interrupt when booting with ACPI Shannon Zhao
2016-03-29 16:16   ` Julien Grall
2016-03-25 13:48 ` [PATCH v7 21/22] xen/arm: Add a hypercall for device mmio mapping Shannon Zhao
2016-03-30 16:05   ` Konrad Rzeszutek Wilk
2016-03-30 16:07   ` Konrad Rzeszutek Wilk
2016-03-25 13:48 ` [PATCH v7 22/22] xen/arm64: Add ACPI support Shannon Zhao
2016-03-29 16:20   ` Julien Grall
2016-03-29  7:12 ` [PATCH v7 00/22] Prepare UEFI and ACPI tables for Dom0 on ARM64 Jan Beulich
2016-03-29 16:22   ` Julien Grall
2016-03-30  7:55     ` Jan Beulich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.02.1603261304070.18380@kaball.uk.xensource.com \
    --to=stefano.stabellini@eu.citrix.com \
    --cc=julien.grall@arm.com \
    --cc=peter.huangpeng@huawei.com \
    --cc=shannon.zhao@linaro.org \
    --cc=stefano.stabellini@citrix.com \
    --cc=xen-devel@lists.xen.org \
    --cc=zhaoshenglong@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).