x86/PCI: make all config space writes subject to XSM checking

Now that we intercept them all, there's no reason not to also uniformly
hand them to XSM. Reads (which are expected to be of less interest) get
handled as before (MMCFG accesses un-audited).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/pci.c b/xen/arch/x86/pci.c
index 5bcecbb5ce8096a1d734c69539b0579dde183f5e..4b87cab75c2af463abb1b8272f5cd8cd184dd400 100644 (file)
--- a/xen/arch/x86/pci.c
+++ b/xen/arch/x86/pci.c
@@ -7,6 +7,7 @@
 #include <xen/spinlock.h>
 #include <xen/pci.h>
 #include <asm/io.h>
+#include <xsm/xsm.h>
 
 static DEFINE_SPINLOCK(pci_config_lock);
 
@@ -73,7 +74,12 @@ int pci_conf_write_intercept(unsigned int seg, unsigned int bdf,
                              uint32_t *data)
 {
     struct pci_dev *pdev;
-    int rc = 0;
+    int rc = xsm_pci_config_permission(XSM_HOOK, current->domain, bdf,
+                                       reg, reg + size - 1, 1);
+
+    if ( rc < 0 )
+        return rc;
+    ASSERT(!rc);
 
     /*
      * Avoid expensive operations when no hook is going to do anything

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index e1038349c9c5a910fbbd52c736c62e47aedccf12..e105b953c6319430a530bac5d938603df89f4af9 100644 (file)
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1812,11 +1812,9 @@ static bool_t pci_cfg_ok(struct domain *currd, unsigned int start,
             start |= CF8_ADDR_HI(currd->arch.pci_cf8);
     }
 
-    if ( xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
-                                   start, start + size - 1, !!write) != 0 )
-         return 0;
-
-    return !write ||
+    return !write ?
+           xsm_pci_config_permission(XSM_HOOK, currd, machine_bdf,
+                                     start, start + size - 1, 0) == 0 :
            pci_conf_write_intercept(0, machine_bdf, start, size, write) >= 0;
 }