ia64/xen-unstable

changeset 17729:c0c0f4fa8850

VT-d: remove Xen and tboot range from dom0's VT-d table

This a step forward to fix the security hole introduced by dom0's 1:1
mapping VT-d table: remove the critical code and data from it. The
more flexible solution is to update dom0's VT-d table on demand as what
will be done for other PV domains. However, there could bring a
performance issue even with software optimization. Iotlb flush of some
hardware is time-consuming.

Signed-off-by: Yang, Xiaowei <xiaowei.yang@intel.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon May 26 08:24:55 2008 +0100 (2008-05-26)
parents 28083093cc5d
children 9a7a6f729d2c
files xen/arch/x86/setup.c xen/arch/x86/tboot.c xen/drivers/passthrough/vtd/iommu.c
line diff
     1.1 --- a/xen/arch/x86/setup.c	Sat May 24 09:45:37 2008 +0100
     1.2 +++ b/xen/arch/x86/setup.c	Mon May 26 08:24:55 2008 +0100
     1.3 @@ -1100,6 +1100,14 @@ void arch_get_xen_caps(xen_capabilities_
     1.4  #endif
     1.5  }
     1.6  
     1.7 +int xen_in_range(unsigned long start, unsigned long end)
     1.8 +{
     1.9 +    start = max_t(unsigned long, start, xenheap_phys_start);
    1.10 +    end = min_t(unsigned long, end, xenheap_phys_end);
    1.11 + 
    1.12 +    return start < end; 
    1.13 +}
    1.14 +
    1.15  /*
    1.16   * Local variables:
    1.17   * mode: C
     2.1 --- a/xen/arch/x86/tboot.c	Sat May 24 09:45:37 2008 +0100
     2.2 +++ b/xen/arch/x86/tboot.c	Mon May 26 08:24:55 2008 +0100
     2.3 @@ -96,6 +96,18 @@ int tboot_in_measured_env(void)
     2.4      return (g_tboot_shared != NULL);
     2.5  }
     2.6  
     2.7 +int tboot_in_range(unsigned long start, unsigned long end)
     2.8 +{
     2.9 +    if ( g_tboot_shared == NULL || g_tboot_shared->version < 0x02 )
    2.10 +        return 0;
    2.11 +
    2.12 +    start = max_t(unsigned long, start, g_tboot_shared->tboot_base);
    2.13 +    end = min_t(unsigned long, end, 
    2.14 +                g_tboot_shared->tboot_base + g_tboot_shared->tboot_size);
    2.15 + 
    2.16 +    return start < end; 
    2.17 +}
    2.18 +
    2.19  /*
    2.20   * Local variables:
    2.21   * mode: C
     3.1 --- a/xen/drivers/passthrough/vtd/iommu.c	Sat May 24 09:45:37 2008 +0100
     3.2 +++ b/xen/drivers/passthrough/vtd/iommu.c	Mon May 26 08:24:55 2008 +0100
     3.3 @@ -1097,9 +1097,21 @@ static int intel_iommu_domain_init(struc
     3.4  
     3.5      if ( d->domain_id == 0 )
     3.6      {
     3.7 -        /* Set up 1:1 page table for dom0. */
     3.8 +        extern int xen_in_range(unsigned long start, unsigned long end);
     3.9 +        extern int tboot_in_range(unsigned long start, unsigned long end);
    3.10 +
    3.11 +        /* 
    3.12 +         * Set up 1:1 page table for dom0 except the critical segments
    3.13 +         * like Xen and tboot.
    3.14 +         */
    3.15          for ( i = 0; i < max_page; i++ )
    3.16 +        {
    3.17 +            if ( xen_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) ||
    3.18 +                 tboot_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) )
    3.19 +                continue;
    3.20 +
    3.21              iommu_map_page(d, i, i);
    3.22 +        }
    3.23  
    3.24          setup_dom0_devices(d);
    3.25          setup_dom0_rmrr(d);