ia64/xen-unstable

changeset 6568:a51e78a2a01a

Disallow domain 0 access to certain I/O port ranges
(Master/Slave PICs, PIT, Speaker Control). Modifying
these can seriously harm Xen's health.

Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Wed Aug 31 12:56:42 2005 +0000 (2005-08-31)
parents d6752f193ffa
children 6fdbb0e35083
files xen/arch/x86/domain_build.c
line diff
     1.1 --- a/xen/arch/x86/domain_build.c	Wed Aug 31 10:39:53 2005 +0000
     1.2 +++ b/xen/arch/x86/domain_build.c	Wed Aug 31 12:56:42 2005 +0000
     1.3 @@ -20,6 +20,7 @@
     1.4  #include <asm/processor.h>
     1.5  #include <asm/desc.h>
     1.6  #include <asm/i387.h>
     1.7 +#include <asm/physdev.h>
     1.8  #include <asm/shadow.h>
     1.9  
    1.10  static long dom0_nrpages;
    1.11 @@ -707,6 +708,18 @@ int construct_dom0(struct domain *d,
    1.12          printk("dom0: shadow setup done\n");
    1.13      }
    1.14  
    1.15 +    /*
    1.16 +     * Modify I/O port access permissions.
    1.17 +     */
    1.18 +    /* Master Interrupt Controller (PIC). */
    1.19 +    physdev_modify_ioport_access_range(dom0, 0, 0x20, 2);
    1.20 +    /* Slave Interrupt Controller (PIC). */
    1.21 +    physdev_modify_ioport_access_range(dom0, 0, 0xA0, 2);
    1.22 +    /* Interval Timer (PIT). */
    1.23 +    physdev_modify_ioport_access_range(dom0, 0, 0x40, 4);
    1.24 +    /* PIT Channel 2 / PC Speaker Control. */
    1.25 +    physdev_modify_ioport_access_range(dom0, 0, 0x61, 1);
    1.26 +
    1.27      return 0;
    1.28  }
    1.29