To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] VT-d: remove Xen and tboot range from dom0's VT-d table
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 26 May 2008 01:00:08 -0700
Delivery-date: Mon, 26 May 2008 01:00:07 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1211786695 -3600
# Node ID c0c0f4fa88509b6f5e4fa9bf0687c7a6df53eeb8
# Parent  28083093cc5de08465c60793a02089a4745ebf3a
VT-d: remove Xen and tboot range from dom0's VT-d table

This is a step forward to fix the security hole introduced by dom0's 1:1
mapping VT-d table: remove the critical code and data from it. The
more flexible solution is to update dom0's VT-d table on demand, as
will be done for other PV domains. However, that could bring a
performance issue even with software optimization: IOTLB flush on some
hardware is time-consuming.

Signed-off-by: Yang, Xiaowei <xiaowei.yang@xxxxxxxxx>
---
 xen/arch/x86/setup.c                |    8 ++++++++
 xen/arch/x86/tboot.c                |   12 ++++++++++++
 xen/drivers/passthrough/vtd/iommu.c |   14 +++++++++++++-
 3 files changed, 33 insertions(+), 1 deletion(-)

diff -r 28083093cc5d -r c0c0f4fa8850 xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c      Sat May 24 09:45:37 2008 +0100
+++ b/xen/arch/x86/setup.c      Mon May 26 08:24:55 2008 +0100
@@ -1100,6 +1100,14 @@ void arch_get_xen_caps(xen_capabilities_
 #endif
 }
 
+int xen_in_range(unsigned long start, unsigned long end)
+{
+    start = max_t(unsigned long, start, xenheap_phys_start);
+    end = min_t(unsigned long, end, xenheap_phys_end);
+ 
+    return start < end; 
+}
+
 /*
  * Local variables:
  * mode: C
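Review bot: xen_in_range() only tests against [xenheap_phys_start, xenheap_phys_end), so a comment above the function should say that the exclusion covers the Xen heap range and nothing else; the commit message calls this "the critical code and data", and a reader may otherwise assume anything Xen allocates outside that range is excluded as well. The function is also exported with no header declaration (the diffstat touches only the three .c files, and the iommu.c caller re-declares it as `extern`); add a prototype to a shared header so the signature is checked at compile time. Minor: the blank line after `end = min_t(...)` and the `return start < end;` line carry trailing whitespace.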
diff -r 28083093cc5d -r c0c0f4fa8850 xen/arch/x86/tboot.c
--- a/xen/arch/x86/tboot.c      Sat May 24 09:45:37 2008 +0100
+++ b/xen/arch/x86/tboot.c      Mon May 26 08:24:55 2008 +0100
@@ -96,6 +96,18 @@ int tboot_in_measured_env(void)
     return (g_tboot_shared != NULL);
 }
 
+int tboot_in_range(unsigned long start, unsigned long end)
+{
+    if ( g_tboot_shared == NULL || g_tboot_shared->version < 0x02 )
+        return 0;
+
+    start = max_t(unsigned long, start, g_tboot_shared->tboot_base);
+    end = min_t(unsigned long, end, 
+                g_tboot_shared->tboot_base + g_tboot_shared->tboot_size);
+ 
+    return start < end; 
+}
+
 /*
  * Local variables:
  * mode: C
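Review bot: tboot_in_range() silently returns 0 when `g_tboot_shared->version < 0x02`, which leaves the tboot region in dom0's 1:1 map on older tboot builds with no indication that the exclusion was skipped; at minimum a comment stating that tboot_base/tboot_size are only valid from version 2, and preferably a one-time printk on that fallback, would make the behaviour visible. As with xen_in_range(), the prototype should live in a header rather than being re-declared by the caller, and the blank line and `return start < end;` line have trailing whitespace.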
diff -r 28083093cc5d -r c0c0f4fa8850 xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c       Sat May 24 09:45:37 2008 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c       Mon May 26 08:24:55 2008 +0100
@@ -1097,9 +1097,21 @@ static int intel_iommu_domain_init(struc
 
     if ( d->domain_id == 0 )
     {
-        /* Set up 1:1 page table for dom0. */
+        extern int xen_in_range(unsigned long start, unsigned long end);
+        extern int tboot_in_range(unsigned long start, unsigned long end);
+
+        /* 
+         * Set up 1:1 page table for dom0 except the critical segments
+         * like Xen and tboot.
+         */
         for ( i = 0; i < max_page; i++ )
+        {
+            if ( xen_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) ||
+                 tboot_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) )
+                continue;
+
             iommu_map_page(d, i, i);
+        }
 
         setup_dom0_devices(d);
         setup_dom0_rmrr(d);
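Review bot: the two `extern` prototypes declared inside intel_iommu_domain_init() should move to headers; the patch adds no header declaration for either function, so a signature change in setup.c or tboot.c would not be caught here. The loop also calls xen_in_range() and tboot_in_range() for every 4K page up to max_page, i.e. two function calls per page across all of memory at boot; computing the excluded page ranges once and skipping them in the loop would be cheaper and clearer. One behaviour worth documenting in the comment block: a page that only partially overlaps the Xen or tboot range is dropped entirely, so an unaligned tboot_base or tboot_size does not leave a sliver of the region mapped. That is the right conservative choice, and a comment would stop someone later "fixing" the check to compare on page boundaries.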

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
