passthrough: fix security issue with stubdoms

this patch series fixes the outstanding security problem with stubdoms
and pci passthrough.
The idea is to allow mmio, irq and ioport remapping not only if the
current domain IS_PRIV_FOR but also if the current domain has
permissions over those mmio areas, irqs and ioports.
This way a stubdom can only remap resources that currently "owns".
This patch series also moves the de\assign_device hypercalls from the
list of hypercalls made by qemu\stubdom to xend.

The two patches must be applied at the same time otherwise pci
passthrough won't work for HVM guests.

[PATCH 2 of 2] qemu: do not call xc_assign_device

This patch removes the call to xc_assign_device from qemu.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/hw/pass-through.c b/hw/pass-through.c
index a207b2c5f15c93458e9ad980f877534b9777f7bf..cdf0f31bc3b8ea426a4f11b71c4387633bcadb87 100644 (file)
--- a/hw/pass-through.c
+++ b/hw/pass-through.c
@@ -4168,7 +4168,6 @@ static struct pt_dev * register_real_device(PCIBus *e_bus,
     struct pt_dev *assigned_device = NULL;
     struct pci_dev *pci_dev;
     uint8_t e_device, e_intx;
-    struct pci_config_cf8 machine_bdf;
     char *key, *val;
     int msi_translate, power_mgmt;
 
@@ -4253,15 +4252,6 @@ static struct pt_dev * register_real_device(PCIBus *e_bus,
     assigned_device->is_virtfn = pt_dev_is_virtfn(pci_dev);
     pt_iomul_init(assigned_device, r_bus, r_dev, r_func);
 
-    /* Assign device */
-    machine_bdf.reg = 0;
-    machine_bdf.bus = r_bus;
-    machine_bdf.dev = r_dev;
-    machine_bdf.func = r_func;
-    rc = xc_assign_device(xc_handle, domid, machine_bdf.value);
-    if ( rc < 0 )
-        PT_LOG("Error: xc_assign_device error %d\n", rc);
-
     /* Initialize virtualized PCI configuration (Extended 256 Bytes) */
     for ( i = 0; i < PCI_CONFIG_SIZE; i++ )
         assigned_device->dev.config[i] = pci_read_byte(pci_dev, i);