ia64/xen-unstable
changeset 17729:c0c0f4fa8850
VT-d: remove Xen and tboot range from dom0's VT-d table
This is a step forward to fix the security hole introduced by dom0's 1:1
mapping VT-d table: remove the critical code and data from it. The
more flexible solution is to update dom0's VT-d table on demand, as
will be done for other PV domains. However, that could bring a
performance issue even with software optimization. IOTLB flush on some
hardware is time-consuming.
Signed-off-by: Yang, Xiaowei <xiaowei.yang@intel.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Mon May 26 08:24:55 2008 +0100 (2008-05-26) |
parents | 28083093cc5d |
children | 9a7a6f729d2c |
files | xen/arch/x86/setup.c xen/arch/x86/tboot.c xen/drivers/passthrough/vtd/iommu.c |
1.1 --- a/xen/arch/x86/setup.c Sat May 24 09:45:37 2008 +0100 1.2 +++ b/xen/arch/x86/setup.c Mon May 26 08:24:55 2008 +0100 1.3 @@ -1100,6 +1100,14 @@ void arch_get_xen_caps(xen_capabilities_ 1.4 #endif 1.5 } 1.6 1.7 +int xen_in_range(unsigned long start, unsigned long end) 1.8 +{ 1.9 + start = max_t(unsigned long, start, xenheap_phys_start); 1.10 + end = min_t(unsigned long, end, xenheap_phys_end); 1.11 + 1.12 + return start < end; 1.13 +} 1.14 + 1.15 /* 1.16 * Local variables: 1.17 * mode: C
2.1 --- a/xen/arch/x86/tboot.c Sat May 24 09:45:37 2008 +0100 2.2 +++ b/xen/arch/x86/tboot.c Mon May 26 08:24:55 2008 +0100 2.3 @@ -96,6 +96,18 @@ int tboot_in_measured_env(void) 2.4 return (g_tboot_shared != NULL); 2.5 } 2.6 2.7 +int tboot_in_range(unsigned long start, unsigned long end) 2.8 +{ 2.9 + if ( g_tboot_shared == NULL || g_tboot_shared->version < 0x02 ) 2.10 + return 0; 2.11 + 2.12 + start = max_t(unsigned long, start, g_tboot_shared->tboot_base); 2.13 + end = min_t(unsigned long, end, 2.14 + g_tboot_shared->tboot_base + g_tboot_shared->tboot_size); 2.15 + 2.16 + return start < end; 2.17 +} 2.18 + 2.19 /* 2.20 * Local variables: 2.21 * mode: C
3.1 --- a/xen/drivers/passthrough/vtd/iommu.c Sat May 24 09:45:37 2008 +0100 3.2 +++ b/xen/drivers/passthrough/vtd/iommu.c Mon May 26 08:24:55 2008 +0100 3.3 @@ -1097,9 +1097,21 @@ static int intel_iommu_domain_init(struc 3.4 3.5 if ( d->domain_id == 0 ) 3.6 { 3.7 - /* Set up 1:1 page table for dom0. */ 3.8 + extern int xen_in_range(unsigned long start, unsigned long end); 3.9 + extern int tboot_in_range(unsigned long start, unsigned long end); 3.10 + 3.11 + /* 3.12 + * Set up 1:1 page table for dom0 except the critical segments 3.13 + * like Xen and tboot. 3.14 + */ 3.15 for ( i = 0; i < max_page; i++ ) 3.16 + { 3.17 + if ( xen_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) || 3.18 + tboot_in_range(i << PAGE_SHIFT_4K, (i + 1) << PAGE_SHIFT_4K) ) 3.19 + continue; 3.20 + 3.21 iommu_map_page(d, i, i); 3.22 + } 3.23 3.24 setup_dom0_devices(d); 3.25 setup_dom0_rmrr(d);
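Review bot: in xen/arch/x86/setup.c, xen_in_range() clamps only against xenheap_phys_start and xenheap_phys_end, while the commit message says the aim is to keep Xen's critical code and data out of dom0's table. Please add a comment stating what that interval covers and that start and end are physical byte addresses with end exclusive, and extend the test if any Xen-owned memory can lie outside those two bounds.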
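Review bot: in tboot_in_range() in xen/arch/x86/tboot.c, the early "return 0" for g_tboot_shared->version < 0x02 reports "no overlap", so with an older shared page the tboot range stays in dom0's 1:1 table with no indication. Either log once when that path is taken or add a comment explaining why versions below 0x02 cannot be checked, and give the bare 0x02 a named constant. It is also worth confirming that g_tboot_shared->tboot_base + g_tboot_shared->tboot_size cannot wrap in the type of those fields.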
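Review bot: in the intel_iommu_domain_init() loop in xen/drivers/passthrough/vtd/iommu.c, i << PAGE_SHIFT_4K and (i + 1) << PAGE_SHIFT_4K are evaluated in the type of i before being converted to the unsigned long parameters; if i is narrower than the physical address width, the shift wraps for high frame numbers and the range tests compare the wrong address, so a Xen or tboot page located there would still be mapped. Cast before shifting, e.g. (unsigned long)i << PAGE_SHIFT_4K, or have the helpers take frame numbers instead of byte addresses. The two extern declarations inside the if block should also move to a shared header so the prototypes are checked against the definitions in setup.c and tboot.c.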